After another 50-hour study in 2 weeks (from 2018/08/14 to 2018/08/28), I cleared the ISACA CISA exam today. The following is what I used to prepare for this exam:
It’s about time to declare I’ve achieved my second milestone for 2018.
- Milestone #2: ISACA
- 2018/08/28 CISA
- 2018/08/13 CRISC
- 2018/07/24 CISM
- Milestone #1: PMI + CISSP
- 2018/07/10 RMP
- 2018/06/19 CISSP
- 2018/04/27 PBA
- 2018/04/09 ACP
Long Way to Go!
I am still on my way to build my profession on information security and the coming milestones are as follows:
- Milestone #3: ISC2
- 2018/09/14 CSSLP
- 2018/09/28 CCSP
- Milestone #4: EC-Council
- 2018/10/15 CEH
- 2018/10/29 ECSA
To pass the CRISC exam, I spent around 50 hours in 3 weeks (from 2018/07/24 to 2018/08/13) studying the following materials:
Candidates have 4 hours to complete the 150-question exam; It takes me 3 hours to nail it, 2 hours for answering questions and 1 hour for review.
The risk management discipline is still evolving and it takes time to get yourself acquainted with the terminologies used in CRISC. There are even some conflicts or inconsistencies between risk management methodologies.
Just follow the official CRISC review manual and questions from ISACA. It would be the most efficient way to pass this exam.
After passing CISSP and PMI-RMP on 06/19 and 07/10 respectively, Bruce provisionally passed ISACA CISM exam today (07/24). The exam is completed in 100 minutes.
It takes around 40 study hours to nail it. The preparation materials are listed as follows:
- CISM Certified Information Security Manager All-in-One Exam Guide 1st Edition
- YouTube Videos: Isaca CISM Real Exam 1~6
- Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Ed.
- NIST Special Publication 800-61 Revision 2 (Computer Security Incident Handling Guide)
- CISA Review Manual, 26th Edition
- CRISC Review Manual, 6th Edition
- CGEIT Review Manual, 7th Edition
- Organizational Project Management Maturity Model (OPM3) Knowledge Foundation
- The Standard for Portfolio Management
- The Standard for Program Management
I really love the exams from ISACA. They are management-centric, or more specifically, they are for CIOs, CISOs, or Information Security Managers. Exam candidates should have solid foundation about Governance, Strategic Management, Risk Management, and know some technical stuff at conceptual level.
Frankly, CISM is not so challenging for business people, while technical guys would have to spend some time in studying the business stuff. This exam is all about concepts and principles. Don’t just memorize without understanding how the business world works. Some questions are tricky and you have to distinguish the minute differences between the answer options.
Some final words:
- Business always wins
- Align with the organizational objectives and strategy
- Don’t forget risks
- Know the current situation before taking any actions
- Know the Roles and Responsibilities