CISM Details

image
image
image
image

Introduction

ISACA's Certified Information Security Manager (CISM) certification indicates and individual's expertise within the field of Information security governance, program development and management, incident management and risk management. Take your career out of the technical realm to management!

Course Content :

  • Module 1 – Information Security Governance.
  • Module 2 – Information Risk Management.
  • Module 3 – Information Security Program Development & Management.
  • Module 4 – Information Ssecurity Incidet Management.

Certified Information Security Manager (CISM) certification indicates and expertise within the field of Information security governance, program development and management, incident and risk management.


Virtual Instructor-Led Training

Get the best of both worlds: personal interaction with expert instructors and the convenience of an online classroom. Expand your understanding of everything from audit and assurance to information security, cybersecurity, and managing reporting on risk. Our expert training will guide you through the critical concepts needed to master the CISM exam.

Read The ISACA’s Exam Candidate Information Guide

Every year, ISACA publishes an updated version of its candidate guide. It provides lots of practical information for the CISM exam. The latest version is freely available from the ISACA website.This should be used to review important topics such as exam registration, deadlines and key details for exam-day administration. It even contains valuable information such as the exam domains, the number of exam questions, exam length and languages. No candidate should take the CISM exam without reading this guide.

Time Management

Next, you want to consider your time management on the day of. There are 150 (down from 200 previously) questions to be answered in four hours. This means that you have ~70 seconds per question. You may answer some quick, and you may take longer for others. Therefore, you must track the time periodically. There will be a clock in the exam room to help you keep track.

My suggestion is to allow 1 hour for every 50 questions. Depending on how fast/slow you progress, you can slow down/speed up accordingly. You can get an idea for how you will do on the mock exam practices, but you won’t know for certain until you’re in there on exam day.

Also, the questions do not appear based on the sequence of the domains, so don’t waste time figuring out which domain a question belongs. Just answer and move along.

Critical Success Factors To Pass

It has been observed that individuals with technical background constantly encounter complications in understanding the concepts of governance and auditing, as they concentrate more on the technical aspects. This is a strong reason for not being able to perform as an individual must also look at the holistic approach to thinking from a manager’s or an auditor’s perspective.

And on the other hand, it becomes difficult for an individual with auditing and accounting background to understand the technical topics. Such students/candidates need to work on the core concepts and objective of a technology being developed.

Whereas, the most experienced professionals try to apply their own techniques which turn out to be unreliable. It is recommended for you to solely consider ISACA’s techniques as these are globally accepted, practical and is standardized.

Familiarize With The Exam Question Format

The CISM Exam Questions can be broadly categorized as Conceptual that tests your knowledge of fundamentals related to technology and auditing standards and Practical that tests your ability to understand a scenario and apply concepts in real business situations.

There may be few questions on core technologies, such as encryption, EDI, internet security and telecommunications control. You are however not required to study specific technology platforms, such as SAP, Oracle, and SQL.

Put On The ISACA Hat When Answering Questions

As you go through the practice questions, learn how ISACA asks the questions. First, read the questions very carefully – quickly but word by word. They can be quite wordy, tricky and sometimes, even appear subjective. Most tricky questions have at least one choice as the “distractor”. People fall into the trap if they don’t read the question carefully, not clear on the concepts, or rely on “gut feeling” when answering questions.

Therefore, for each question, you should read the question carefully, eliminate the distractor and obviously incorrect answer(s) to narrow the choice and pick the best answer.

CISM Exam Content - Difficulty Level

CISM primarily is designed for professionals with work exposure in Information Security. CISM in simple terms is 30,000-foot view through deep concentration on the strategic dimension of information security governance, program development and management to control probable impact on the organizational success. It can assist you in gaining higher quality for a new position or a raise or employment at a new organization or at your company, besides other benefits. As compared to other exams in the niche, it isn't considered particularly very tough to crack. If we talk about the exam content and syllabus, the exam consists of only 150 questions, which is a lighter one that most aspirants and successful professionals would agree to. It covers basic knowledge on a wide range of topics versus the specific knowledge in a particular topic. It depends on your learning style and previous experience; it could be both easy and tough. Interestingly, since this certification requires 5 years of experience and therefore is not intended for that information on the exam that is easier and for someone who is just starting their career. So, when talking about the job profiles for those who are starting out, it is always easier for those who have a couple of years experience than people who have no relevant experience in the field.

1
image

Candidates with neither audit nor IT experience

Studying for the actual exam may take up to 6 months. There are reference books listed at the bottom of this page if you need background information on IT auditing. It is better if you can get both the official CISM Review Manual for core studying, and one of the supplementary books for further explanation on the concepts. The ISACA Questions Database is a must for lots of practice.

2
image

Candidates with some audit or IT experience

You may need around 3 months for exam preparation. If you are an auditor, get the technology perspective; if you are an IT professional, get the audit perspective. Then, read the book and spend sufficient time in practice questions.

3
image

Seasoned IT auditing professionals

You probably only need a month to prepare. Start skimming through the CISM book and get familiar with the terms used by ISACA. Then, focus on practice questions and mock exam.

image
image

Looking for a partner to solve your cybersecurity and compliance challenges?

Cybersecurity isn't a challenge you have to solve on your own. We're here to help every step of the way to make finding the right solution as painless as possible. Contact us to start uncovering your answers.

CONTACT US