How to prepare CISM Exam

CISM (Certified Information Security Manager) is a certification issued by the professional association ISACA.

The purpose of this post is to give future exam candidates information about how to pass the exam, based on my own experience.

Frequently Asked Questions about the exam

How long do I need to prepare for the exam?

The answer is different for each person: it depends on how many hours per week you are going to spend on it, how much you already know about the subject, etc.

As a general reply, I once heard that you need between 3 and 6 months.

In my case, having a full-time job but dedicating most of the free time I had (including weekends), it took me 15 days just to read the CISM Review Manual (half the time it took me for the CISA Review Manual) and another 15 to go through all the tests. Then 15 days more to review some parts of the Review Manual and repeat the tests.

What is the recommended material for exam preparation?

The official resources for preparing for the exam are:

  1. CISM Review Manual (printed or eBook)
  2. CISM Review Questions, Answers & Explanations Manual (printed or eBook)
  3. Temporary subscription to CISM Database (online)
  4. Official courses

They are all available for purchase, subscription or enrolment on the ISACA website.

You may not need to use all the resources to pass the exam. In my case, I used only the first two:

  • CISM Review Manual
  • CISM Review QA&E Manual

Ensure you get the latest edition of the material, as ISACA publishes a new edition at least every five years and the content follows the current job practice.

There may be unofficial material and courses as well. I do not have experience with unofficial CISM resources.

It surprised me that many CISM test questions (especially those from Domain 3, "Information Security Program Development and Management") were quite technical and not covered in the CISM Review Manual. Nevertheless, they were mostly covered in the CISA Review Manual (e.g., the CISM Domain 3 questions were very closely related to CISA Chapter 3, "IS Operations, Maintenance and Service Management", and Chapter 4, "Asset Protection").

Because of this, I would strongly recommend passing (or at least preparing for) the CISA certification before going for the CISM certification.

Alternative preparation material (that I did not try myself):

  • CISM All-in-One (AIO) Exam Guide, McGraw Hill book
  • CISM LinkedIn Learning videos by Mike Chapple
  • CISM videos by Thor
  • CISM Cybrary videos by Kelly
  • CISM YouTube videos
  • CISM flashcards

How can I prepare for the exam?

The preparation technique must be adapted to each candidate's prior knowledge and abilities. I am going to explain what worked for me, but you may adapt these steps to yourself.

  1. Read “Review Manual”

    • The text is sometimes quite dense. To make reading more comfortable, I highlighted titles, key concepts, topics and bullet point headings.
    • I tried to keep the reading agile and not get stuck on any specific page. If I felt that a section required a second look on my side, I noted it down to review it later.
    • It took me 1 month.
  2. Complete all questions in “Review QA&E Manual”
    • Commit to an answer before checking the solution, as it is easier to remember an answer when there is an emotion involved (satisfaction at having chosen the correct answer, frustration at having answered it incorrectly).
    • If you have the paper version, you can use a sheet of paper to cover the solutions while you are still reading the answer options.
    • I found it very useful to make a mark next to a question each time I failed it, or when I found it was a tricky one worth reviewing. This helps you focus on those questions when reviewing.
    • Whenever I needed to look up the "Review Manual" to check an answer, I found it useful to write down the page where it was explained next to the question in the "QA&E Manual".
    • It took me 15 days to read, answer and check all the questions.
  3. Review topics from “Review Manual”
    • At this point, I knew which topics were still unclear to me, so I could revisit them.
    • Some exam candidates recommend reading the whole "Review Manual" again at this step. Do it if you feel you need it or if you have plenty of time. I did not do it as I had time constraints.
    • This step and the next two took me 15 days.
  4. Simulate full exam
    • There is a full sample exam at the end of the "Review QA&E" manual. If you use the online database, you will probably have an exam simulation option.
    • Try to simulate the exam under real conditions: switch off your mobile phone, do not interrupt the exam until you have finished it, do not stand up during the exam time, do not go to the toilet, do not eat or drink, and do not look up answers or review material.
    • This way, you will get a better idea of how well prepared you are for the real exam.
    • Check the results. Calculate the percentage of failed questions per job practice domain to see which chapter you need to reinforce.
    • Review the incorrect answers.
  5. Review failed questions
    • Review the failed questions in the "QA&E" manual.
    • If you do not have time constraints, you may want to review all the questions.

Once you feel you are ready to take the exam, you can register for it.
