How I Passed CISM Exam: Everything You Need to Know
Introduction
In this article, I will share with you how I passed CISM exam. And I will explain the study materials I utilized to pass in my first attempt. Additionally, I will also share with you the strategy I employed to pass one of the most credible information security management certifications in the industry.
I have been working in cybersecurity for more than a decade now. And I want to share my insight, contribute to the field and help others who are interested to pursue cybersecurity as their career path.
I passed both CISSP and CISM exams within one year range and still aiming for more certificates in the field.
In this particular episode, I will share with you my practical experience and journey particularly in passing CISM exam and help you do the same.
This is my electronic CISM Badge for your verification.
Overview of Cybersecurity Certifications
For high level overview of vendor-agnostic cybersecurity certifications, please visit “How I Passed CISSP”. You will find description of some information security credentials you may be interested to earn. I will prepare an article on vendor-based reputable cybersecurity certifications in my upcoming episode.
Four Job Practices of CISM
The CISM exam covers four highly interrelated and complementary job practices that an information security manager should know and practice. I have provided brief explanation of each job practices and their corresponding weight in the exam as follows: However, these are subject to periodic changes and upgrades. And candidates should visit ISACA’s platform for up-to-date information on the exam.
Information Security Governance [24%]
This job practice focuses on establishing and maintaining governance frameworks and supporting processes in an organization. The overall purpose of this domain is to ensure that information security strategy is aligned with organizational goals and business objectives. The rules that run an organization are established by the board of directors and senior management.
Information Risk Management [30%]
The focus of this domain is to manage information risk to an acceptable level based on risk appetites of an organization. Moreover, it aims to establish mechanisms to reduce risk to meet organizational goals and objectives.
Information Security Program Development and Management [27%]
This domain focuses on developing and maintaining information security programs to identify, manage and protect organizational assets. The programs should be in alignment with information security strategy and business goals.
Information Security Incident Management [19%]
This domain is mainly concerned with planning, establishing and maintaining robust incident management program in organizations. The program will then enable organizations to detect, triage, investigate, respond to and recover from information security incidents. The overall objective of incident management domain is to minimize business impact of incidents to organizations.
My Study Materials
I recommend you to read the official documents from ISACA to understand the nature of their exam and the domains covered by the exam before referring other resources. The official resources from ISACA will be your compass to genuinely navigate through the resources required to pass the exam. This strategy will help you to be more specific and in scope for the exam.
I have listed below the resources I utilized in chronological order and in an iterative fashion to pass the CISM exam.
CISM Review Manual 15th Edition
This book by ISACA is ideal to pass the exam. Even though the format of the text is not appealing, the contents in the book are really to the point and make you prepare well for the exam. The manual contains information the candidate must at least understand and comprehend to be successful in the certification endeavors.
You should read it from cover to cover and you should pay more attention to “Self-Assessment Questions” included in the manual. And you should further comprehend the answer and explanation provided for each question in the four domains.
CISM Review Questions, Answers & Explanations Manual 9th Edition
This practice test manual will help the candidate to understand characteristics of ISACA questions and expectation to pass CISM exam. The questions in this book are highly similar to the actual questions in the real exam. Furthermore, the candidate must understand the nature and standards of questions from ISACA’s point of view. In other words, you cannot answer questions from your existing assumptions or pre-existing experiences from other organizations’ exams. I recommend you to read this manual cover to cover. And you should focus more on the good explanations and answers on each question.
CISM Certified Information Security Manager Exam Guide All-in-One
This book is content rich and goes to great length to explain each concept of the four domains to be understood even by less experienced professionals. It is well-written, comprehensive and easy to understand book. But you should pay attention to skim highly repetitive explanations in each chapter to save time and your energy.
It also unnecessarily goes to great length to explain too obvious issues which may sometimes distract you to stop reading it altogether. However, despite these issues, the book is great companion in your journey to earn your CISM certification and should read it cover to cover.
CISM Certified Information Security Manager Practice Exams
I recommend you to practice the questions in this book after reading the official practice test manual from ISACA. If you read this book before the official practice test, you may be influenced to answer questions from the view point of this author. In other words, you may unnecessarily feel worried about some of the difficult questions in this reference. Thus, it is better to stick to the official study materials first and then read further references after solidifying with the materials from ISACA. Further, you don’t have to worry about the more difficult questions present in this book as well. Rather try to get the best out of the book by carefully reading the explanations provided for each question. And this is your great companion to pass the CISM exam.
Certified Information Security Manager Exam Prep Guide
This book is to the point and contains summarized explanations and depictions of various information security management aspects. The organization and explanation of each content is fabulous. And it contains funny teaching illustrations that makes you smile while in studious state. I recommend this book to candidates to read each content provided. Further, aspirants should pay attention to the summarized questions presented in a tabular form. But, you can skim the actual questions and answers provided in the book as they are highly similar to the questions and explanations provided in the official practice test manual prepared by ISACA.
Prepare for the ISACA Certified Information Security Manager Exam
This book is highly summarized version that you must read at the eleventh hour. When I say at the last hour, I don’t necessarily mean you have to wait until the end of your preparation period. You can read it at the beginning, middle and any other convenient time that works for you. But, note that this is summary and you cannot rely heavily on this book to comprehensively understand the contents of CISM exam. However, make sure that you read this book or listen to the audio version immediately before you seat for the exam. You can consider this Review Manual of CISM as the correspondent 11th Hour Study Guide in CISSP.
Essential CISM Exam Guide
This book is also a summarized version and explains CISM contents in an easy to understand manner. Candidates should read this helpful book before seating for the exam. Aspirants should clearly and completely understand the contents provided in this book to gauge their level of preparation. If there is doubt in any of these summarized content, iterate and read further materials to clarify things out.
Preparation Period Mindset
Please refer my previous article “How I passed CISSP” to get complete information about my preparation strategy and mindset issues for CISM. I employed the same strategy to crack both CISSP and CISM exams.
Preparing for CISM after clearing CISSP was a bit straightforward. When you manage to pass CISSP successfully, you will already know many concepts repeated in CISM domains. The biggest challenge however to overcome when seating for two exams by separate organizations consecutively is to train your mind to think in terms of the later exam. There will remain too much residual information about the previous exam while preparing for the later. For instance, there are some terminologies that you should familiarize yourself with. Some information may require slight tweaking to fit for the current exam.
For example, in CISPP we say eight domains and in CISM we say Four Job Practices to mean the same thing. Another example, we don’t have implicit Task and Knowledge Statements in CISSP.
The Magic Note: Celebratory Mode
This method is also extensively covered in my previous episode “How I passed CISSP”. Candidates are invited to read the whole article to get the big picture about achieving certifications. The only change will be to replace “I PASSED THE CISSP EXAM” with “I PASSED THE CISM EXAM”.
Planning and Scheduling Considerations
Please refer my previous article “How I passed CISSP” to get complete picture about planning and scheduling for your certifications.