9 tips for CISM exam success [updated 2019]

July 5, 2019 by Claudio Dodt

It is quite easy to understand why companies are in dire need of information security managers: almost every day new threats or vulnerabilities are discovered, and the risk of major security incidents only seems to rise.

Right now, as security efforts shift from protection to prediction, one of the main challenges does not originate from cybercriminals, but from the shortage in skills. This shortage includes technical skills and the ability to understand business needs and communicate them properly.

As the expertise level demanded of senior security experts continues to change and increase, companies are having a tough time finding qualified professionals. One of the best strategies to prepare for such career opportunities is using high-level certifications such as ISACA’s CISM (Certified Information Security Manager) to provide evidence of both knowledge and experience level.

When compared to other similar certifications like the CISSP, the CISM stands out as being mainly management-focused. It was conceived by ISACA to promote the use of international security practices and to develop the skills necessary to manage, design, oversee and assess an enterprise’s information security program. The exam contains 150 questions across four domains and must be completed in less than four hours. Once the exam is passed, candidates are still required to provide proof of at least five years of work experience in information security management.

Earning a CISM certification demonstrates you have sufficient skills to understand the relationship between an information security program and broader business objectives. As stated before, this specific skillset is in extremely high demand and is an excellent choice for career progression. Here are a few practical tips to help you pass your CISM exam.

1. Read the ISACA’s exam candidate information guide

Every year, ISACA publishes an updated version of its candidate guide. It provides lots of practical information for the CISM exam. The latest version can be freely downloaded here and can be used to review important topics such as exam registration, deadlines and key details for exam-day administration. It even contains valuable information such as the exam domains, the number of exam questions, exam length and languages. No candidate should take the CISM exam without reading this guide.

2. Learn to think like a manager

Unlike other security certifications, the CISM is management-focused. While it is important for candidates to have a proper understanding of the technical concepts covered by the exam, it is essential to think like a manager. For instance, during the exam, what seems to be the perfect technical solution may not represent the correct answer. It is necessary to take into consideration factors such as company strategy, the costs involved and how a security control may negatively affect business process. Developing a manager mindset and using a holistic, business-oriented approach is the best approach for solving CISM questions.

3. Make good use of the right resources

As with any other top ISACA certification, checking the official CISM Exam Resources should be a priority. The CISM Review Manual, available both as a hardcopy and in e-book format, is comprehensive and easy to navigate, as it is divided according to CISM’s four job practice areas: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management.

The CISM Review Manual features important items such as task and knowledge statements, self-assessment questions, suggested resources for further reading and an extensive glossary covering all the exam concepts. Its latest version has been updated to also include new elements like “in-practice questions,” knowledge checks designed to reinforce and enhance the learning process, and case studies, making it easier to gain a practical perspective on the exam content.

Should you decide to use the CISM Review Manual, you can be certain the answer to each and every exam question is explained somewhere amongst its pages.

4. Take practice exams

As mentioned before, the CISM Review Manual adequately covers every inch of the exam content, but there is no substitute for practice questions when preparing for the CISM.

You should start practicing by taking the free 50-question self-assessment from ISACA, and then move to the official CISM Review Questions, Answers & Explanations. It is available both as a hardcopy and as a web-based subscription service. Either way, the content is the same: a 1,000-question pool, with answers explained in detail. Keep in mind that, while these are not actual exam questions, their type, structure and level of difficulty fully represent what is expected of candidates during the real test.

The online version can be used anywhere with an Internet connection and allows the creation of custom sample exams, ranging from quick, 20-question rounds to full, 150-question simulations. Its record-tracking feature facilitates the task of identifying both strengths and weaknesses based on specific domains or subjects, helping candidates focus study efforts accordingly.

5. Create a study plan

When creating your study plan, be realistic about your work and life obligations. Try to schedule study time during your down time, or in conjunction with times when you may be using some of the material you are learning.

Other factors to consider while creating your study plan include:

  • How soon do you intend to take the examination? Check the PSI website to find a time that works for you.
  • How much can you spend on preparation material and training courses? Look for official, certified study materials and training to make sure you have a thorough understanding of each topic covered in the exam.
  • What training method best suits you? Some people prefer self-learning, while others think there is no substitute for the classroom. Use your past learning experiences to help you pick the method that will prepare you best.
  • How well acquainted are you already with the exam subjects? Your personal experience can save you some studying time, but you should take into consideration factors such as the exam length and question logic. Relying too much on experience alone is a poor strategy that will likely lead to bad results.

6. Get involved in an exam prep course

Deciding to use a self-study-only approach may seem like a bold decision, but it may not be the best strategy. Going through a certification preparation course lets you spend time with an experienced instructor who has real knowledge of how to pass the exam. It is an excellent opportunity to get all your questions answered, share experiences and strategies, and even network if it is in-person training. This results in a greater success rate on any certification exam.

7. Join the CISM Exam Study Community

The CISM Exam Study Community is sponsored by ISACA and is freely available to every candidate. It was created to allow the sharing of questions, study methods and tips for the exam. It is coordinated by community leaders: past top candidates responsible for moderating message boards, facilitating and even driving discussions.

Again, the CISM exam community should not be dismissed: it is a terrific place for learning what to expect on the day of the exam, it costs nothing and it allows candidates to ask and answer questions, read study tips, share experiences, find exam preparation resources and be in direct contact with other like-minded professionals who are facing (or have successfully faced) the same challenge.

8. Have an exam-day preparation plan

Address these three basic items at least a week in advance of your exam:

  • Is your exam kit ready? Check the Exam Candidate Guide to make sure you have everything you need for the day of your CISM exam.
  • Are you calm and well rested? Many candidates fail because of physical and mental exhaustion. Staying up late doing a final round of study may sound tempting, but last-minute reading is usually not a good thing, and may even leave you anxious. If you think it is important to do a final review, do a selective reading instead. Also, do not focus solely on weaknesses. If you have not mastered a specific topic until now, you may prefer to focus on enhancing the areas where you’re good. A great tool for selective reading is using summaries or glossaries.
  • Did you make the necessary arrangements to be on time at the test site? Candidates may not be admitted to the site if they are late. If you are using public transportation, double check the best routes; if you are driving to the exam site, make sure you know where to park beforehand.

9. Clear your mind

Use these tips to clear your mind and stay focused during the exam:

  • Be aware of time. During the exam, you may reach a high level of concentration I like to call “the zone.” This means a greater focus, which is good for problem solving, but can cause you to lose track of time. What may seem like seconds can be precious minutes; hours tend to pass at a very fast rate, so make sure you have time to go through every question on the exam.
  • Take your time reading the questions. Even with limited time, it is important not to rush. Take your time, pay attention to each question and answer option and make sure you understand what is being asked. Watch for distractors (options that are obviously false) in multiple-choice questions that can be quickly eliminated. It is also important to pay close attention to terms such as MOST, LEAST, NOT, ALL, NEVER and ALWAYS, since they can entirely change a sentence.
  • Try to relax. Remember to stretch and relax your muscles during the exam. A relaxed mind can help you solve difficult questions.
  • Remember, there is no reason to panic. Remaining calm will improve your concentration. If you followed your study plan correctly, your results will likely be great; if not, you will have a lot more experience during the next try!

All in all, earning the CISM certification is a wonderful way to demonstrate a high level of commitment to your information security management skills. It shows you have advanced information security expertise as well as the knowledge and experience required to develop and manage a complete information security program. Plan ahead and use these nine tips as a basis for your study strategy, but also consider enrolling in official training.

Cláudio Dodt is an Information Security Evangelist, consultant, trainer, speaker and blogger. He has more than ten years worth of experience working with Information Security, IT Service Management, IT Corporate Governance and Risk Management.
