Last year, I passed the Certified Information Security Manager (CISM) exam and, surprisingly to me, earned the top global score. It is a great achievement for me in my professional educational activities, and I was glad to be recognized at the 2018 EuroCACS conference in Edinburgh, Scotland. Below are some insights and guidance from my experience that I hope will be useful to other CISM candidates.
Why CISM certification is important for me
CISM is a worldwide-recognized certification and is of great benefit for me as an information security professional and for my organization. It helps me to advance my career and be recognized among other information security practitioners.
In my professional activities, CISM certification helps me to adapt and adopt best practices, standards and frameworks that best fit my organization and align our information security program with business objectives and regulatory requirements. In addition, it helps my organization get competitive advantages, provide our customers with professional expertise, secure products and put in place advanced security services that meet their demands.
If you decide to take the CISM exam and become certified, it would be a good incentive for your professional growth and a great opportunity to advance your career.
I would like to share some tips for preparing for and passing the CISM exam that may be useful for you.
Before you start
I recommend identifying the study materials and additional resources you’ll need to prepare for the exam and accomplish your goal.
I used the following study materials:
The CISM Review Manual helps to refresh your existing knowledge in the field of information security and also get additional knowledge and relevant information. The CISM Review Questions, Answers and Explanations Database is a very useful resource during the preparation and before passing the exam. It helps you evaluate the level of knowledge in each CISM domain and test your readiness for an exam. It also helps to test yourself in conditions that mimic the actual CISM exam.
This might be enough if you already have a broad knowledge and work experience in the field of information security. If not, ISACA’s exam prep courses and additional resources may be useful. You may also join the CISM Exam Study Community to connect with other professionals who are on the path to CISM certification or have already successfully passed the CISM exam.
Preparing for the exam
During the preparation for the exam, I reviewed each domain in the CISM Manual and then answered relevant study questions in the Q&A Database after each domain. After the full preparation, it may be useful to dedicate additional time to:
- Go through the study materials one more time. You may spend several additional weeks, but it can have a good effect.
- Try to answer problem questions again (Q&A Database provides this function) and make sure the underlying concepts and knowledge statements are clear to you.
- Make several attempts to pass a full CISM exam (150 questions) to determine if you need to adjust the time needed for answering the questions. Test yourself in conditions as close to the real certification exam as possible. It will help you to avoid time issues during the exam.
After the exam preparation, you should have a strong understanding of the underlying information security management principles, concepts, methodologies and frameworks. Try to map the study material to real-world tasks and scenarios to better understand the knowledge statements and how they can be applied to accomplish your work tasks. If you don’t have enough experience, you may contact other professionals and experts in your organization or in your professional community.
Taking the CISM exam
Before taking the exam, I recommend reviewing the exam information and recommendations regarding the exam process and time management, contained in the CISM Review Manual.
During the exam:
- Try to not spend additional time on problem questions where the answer is not clear until you have completed the ones with which you are more confident.
- Bookmark problem questions so you can quickly return to them later to review your answers.
- If you have additional time after answering all the questions, review bookmarked questions and check your answers.
After passing the exam
If you successfully passed the CISM exam and became certified, do not forget about continuous professional educational activities. It is especially important in such rapidly changing business, regulatory and technology environments. In addition, ISACA conferences and online events may be beneficial for you.
I hope some of these tips are helpful on your path toward certification. Good luck!