After passing CISSP and PMI-RMP on 06/19 and 07/10 respectively, Bruce provisionally passed ISACA CISM exam today (07/24). The exam is completed in 100 minutes.

It takes around 40 study hours to nail it. The preparation materials are listed as follows:

1. CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition
2. YouTube Videos: Isaca CISM Real Exam 1~6
3. Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Ed.
4. NIST Special Publication 800-61 Revision 2 (Computer Security Incident Handling Guide)
5. CISA Review Manual, 26th Edition
6. CRISC Review Manual, 6th Edition
7. CGEIT Review Manual, 7th Edition
8. Organizational Project Management Maturity Model (OPM3) Knowledge Foundation
9. The Standard for Portfolio Management
10. The Standard for Program Management

I really love the exams from ISACA. They are management-centric, or more specifically, they are for CIOs, CISOs, or Information Security Managers. Exam candidates should have solid foundation about Governance, Strategic Management, Risk Management, and know some technical stuff at conceptual level.

Frankly, CISM is not so challenging for business people, while technical guys would have to spend some time in studying the business stuff. This exam is all about concepts and principles. Don’t just memorize without understanding how the business world works. Some questions are tricky and you have to distinguish the minute differences between the answer options.

Some final words:

1. Business always wins
2. Align with the organizational objectives and strategy
3. Don’t forget risks
4. Know the current situation before taking any actions
5. Know the Roles and Responsibilities