How can you give yourself the greatest chance of passing your CISM exam? We want to help you.
Help yourself get certified by following our tips and guidance.
For most, there’s a lot riding on a certification attempt. You might need it for your job, or as part of your professional development. It might be something that everyone knows you’re doing so there’s a lot of peer pressure. And it might be attached to promotions and salary increases. Sitting for a certification also requires a significant investment of time and energy to learn, study, and master new material, when we’re all at full stretch. And finally, it can be really scary if you’ve not done an exam for some time… which is most of us.
But, it is great to learn about an area important to our day to day jobs or which we want to move into. It gives us a common language and approach that we can share with other practitioners. It shows your commitment to security and, if you do your CPDS and pay the maintenance fees, you won’t have to do it again. And when you pass, the feeling is amazing!
But first … what’s involved with sitting for the exam? Some basic facts:
For more on how to register, what the exam will be like and what you need to do after you’ve passed, see our other blog post here.
The very first thing you should do is have a look at the CISM Job Practice Areas and the certification requirements and make sure this is the right certification for you. If it is, and you’ve got the time, then go for it.
I like to refer back to the CISM Job Practice Areas regularly to make sure that my preparation is covering all of the material I need to be across.
Once you’ve decided to go for it, pick an exam date ideally not too far out. Somewhere between 4 weeks – 3 months should be sufficient, depending on your base level of knowledge.
After you’ve got your target exam date. then create your study plan. Don’t wait to get started or procrastinate til the day before the exam. You need to plan this like any project and work out a realistic study program that will get you ready by the target exam date.
I suggest breaking the material down by domain, and allow yourself time at the end to focus on exam question prep. Ideally you should give yourself 1 – 3 weeks for each domain (depending on how familiar you may already be with the content), studying on weekends with a bit of revision during the week. I suggest around 5 – 15 hours per week.
When putting together your plan, try and work out the learning methods that work best for you. It might be by reading but it could be by listening, or probably a combination of both. Ideally try and mix up a combination of listening to training recordings plus reviewing the key study materials, highlighting important ideas and concepts, making notes and then reviewing those notes again plus also doing some practice exams.
I like to keep on summarising the material down til all four domains are on a single sheet, with words and phrases acting as reminders of the key concepts. For me, the process of summarising helps embed the knowledge and means you can review more efficiently when you have prompts to remind you of more detailed content.
Set up a regular study schedule with dedicated blocks of time each week. Think about what time of day works best for you and plan accordingly. Sometimes, an hour first thing in the morning before everyone else is around the emails start coming in, is the best time. Consider the setting – do you need to be in a quiet office, or can you study successfully with your family around?
Whatever method of learning you follow and time and place you choose to do your exam prep, make sure you have a plan and do your best to stick to it.
It’s almost impossible to sit the exam without reading the ISACA textbook. It covers each of the domains comprehensively plus includes some practice questions. Make sure you get hold of that text book somehow, plus another text if you like reading.
Here’s a review of some of the other CISM texts.
It can be helpful to back up the text book with training – either one of the free courses that are around or you can train with us. This is particularly the case if you have problems finding the time in your busy work/homelife schedule or if you get distracted easily. Taking yourself away and doing a dedicated training course might be the only way to go.
BUT if you do the training, try and do some prep beforehand so you know the areas you are weak in and where you need to pick the trainers brain.
If you do invest in training. don’t delay in booking your exam. The longer you leave it between the training and taking the exam, the more you forget and the less helpful the training will be.
There’s a list of ISACA published resources that are helpful. There’s also lots of other resources around. Here are some training course options:
Prepaway have some practice exam questions.
And don’t forget the short free ISACA CISM exam you can do, which is available here.
After you’ve gone through all the materials (text book plus training plus other background prep) and started on your summarising, take your first real practice test. This helps identify the level of knowledge you need to have for each domain. It can also let you know how prepared you are: do you need to do a bit more work in a particular area.
By the end of your study period, you should have done lots and lots of practice exam questions. Don’t wait until right before your exam attempt deadline, you may not have enough time to work on areas of improvement or to prepare your brain for the rigours of 4 hours of multiple choice questions.
Some tips for practice exam questions:
There is a practice exam on the ISACA site that is worth doing early in your study prep to help focus your study. It can also give you an insight into how ISACA think. Remember, often there are different views of the same question. If you want to pass the exam, then try and think of what might be the ISACA view, even if you personally may hold a different opinion.
And maybe don’t tell anyone when you’re sitting that exam. That way you can avoid any awkward questions.
On exam day, do your best to get enough sleep. Make sure to have your identification, your exam registration details and anything else you might need.
During the exam, take things one question at a time. If you can’t work out an answer – move on and come back to that question later. Stop and take a deep breath if you’re getting overwhelmed, and if needed, take a break.
Make sure you manage your time properly. There should be ample but don’t let yourself spend too much time on those tricky questions.
Don’t forget, everyone is nervous, and not many people love doing an exam. If you’ve done the work, manage your time properly and keep the nerves under control, you will put yourself in the best possible position for a successful exam outcome.
And it is worth it to be able to put those letters after your name.
Good luck with the study!
Information security governance
Information security operations
Risk Management
Information Security Incident Management
Audit and monitoring