I passed the ISACA’s CISM exam on May 10, 2018, and since then have received a number of messages asking about the preparation strategy and schedule, especially from the fellow students. Before I begin, please be informed that my preparation strategy could be very different from that of yours since I was juggling with semester midterms/exams, assignments, part-time 20/40 hour work week and additional responsibilities of CCIS Masters Council. I started the preparation in mid Jan’18 and was very much on schedule until the end of the exam.
Aug 02, 2018 Published 04:05 PM Updated 12:54 PM. Once you have passed the exam and have acquired all of the necessary work experience, you can submit. Table of Contents About This Manual Overview Format of This Manual Preparing for the CISA Exam Getting Started Using the CISA Review Manual Manual Features Using the CISA Review Manual and Other ISACA Resources About the CISA Review Questions, Answers and Explanations Products Chapter 1: Information System Auditing Process Overview Domain 1.
Pre-requisites and course material:
- Please watch this video by Sean Hanna and make notes/preparation strategy before you start preparing for the exam: CISM exam webcram
- Read this blog post by Claudio Dodt: ISACA CISM: Why you should do it and how to pass the certification exam!
- CISM Review Manual, 2015 edition*
- CISM Review Questions, Answers & Explanations Database - 12 Month Subscription*
* Both can be bought from CISM exam resources: Link
I divided the complete preparation strategy into 4 phases:
Phase 1: Read the CISM review manual (CRM) end-to-end
Timeframe: Mid Jan’18 to Feb’18
In the 1st read, I underlined the key points. This came handy during the 2nd and 3rd reading, where I just brushed through the concepts. I also realized that after a period of time, I could connect the dots with the roles I previously worked on and how I could have done them differently. I thoroughly read the content and retained ~60% of the concepts.
Phase 2: Re-read the CRM and solve the questions from Q&A database
Timeframe: Mar’18
I started the 2nd read in Mar and read only the important content I underlined in the first reading. In this read, I highlighted the content which required further pondering and another read (e.g. concepts of RPO, RTO, AIW). Simultaneously, start solving at least 30 questions daily. Aim for at least 60% in every test.
Phase 3: Re-re-read the CRM and solve the questions from Q&A database.
Timeframe: Apr’18
Only read the 'underlined+highlighted’ content and make sure you understand each of the concepts by-heart. Solve at least 50 questions on a daily basis and make sure 20 of them are trouble questions. Check the detailed results for each of the exam areas and give special attention to the domain where you’re scoring less (I called it ‘Targeted domain’); for me, it was ‘Information Security Incident Management’ since I never had the first-hand opportunity to work in this domain. Aim for at least 75% in every test.
Phase 4: Glossary and practice tests
Timeframe: 01 - 09, May’18
The CRM has a rich glossary of all the important terminologies and serves as a quick refresher during the final phase of the exam. [Glossary link] I also started solving practice tests every weekend, which I think helped a lot during the real exam. It’s much difficult to sit for 4 hours straight (and stay concentrated) than we think it to be. Try giving the practice tests in different moods and environment.
Tips I found helpful:
Isaca Cism Requirements
- Develop a plan before starting the preparation, the exam is called Certified Information Security ‘Manager’ for a reason.
- Solve Practice tests every weekend in different conditions after phase 2.
- Dedicate extra time and become aware of the rationale for choosing the correct/incorrect answers and ponder about why you chose that answer. [it’s more important to know the reason for an incorrect answer than the correct answer]
- Read every question twice, no matter how familiar/simple the question looks, before jumping on the answer.
- Consider the exam to be a marathon and not sprint. Become comfortable with sitting straight for 4 hours and staying concentrated. “You can not run a marathon by preparing for sprints'.
Please feel free to comment/message any specific queries/questions you may have. :)
Cheers, all the best, make it rain!
-Shobhit
Isaca Cism Exam
The CISM job practice can be viewed at www.isaca.org/cismjobpractice and in the Candidate’s Guide to the CISM® Exam and Certification. The exam is based on the knowledge statements in the job practice, which involved thousands of CISMs and other industry professionals worldwide who served as committee members, focus group participants, subject matter experts and survey respondents.
The CISM® Review Manual is updated annually to keep pace with rapid changes in the management, design, oversight and assessment of information security. As with previous manuals, the 2013 edition is the result of contributions from many qualified authorities who have generously volunteered their time and expertise. We respect and appreciate their contributions and hope their efforts provide extensive educational value to CISM manual readers.
Your comments and suggestions regarding this manual are welcome. After taking the exam, please take a moment to complete the online questionnaire (www.isaca.org/studyaidsevaluation). Your observations will be invaluable for the preparation of the 2014 edition of the CISM® Review Manual.
The sample questions contained in this manual are designed to depict the type of questions typically found on the CISM exam and to provide further clarity to the content presented in this manual. The CISM exam is a practice-based exam. Simply reading the reference material in this manual will not properly prepare candidates for the exam. The sample questions are included for guidance only. Scoring results do not indicate future individual exam success.
Certification has resulted in a positive impact on many careers. CISM is designed to provide executive management with assurance that those earning the designation have the required knowledge and ability to provide effective information security management and consulting. While the central focus of the CISM certification is information security management, all those in the IT profession with security experience will certainly find value in the CISM designation. ISACA wishes you success with the CISM exam.