Book Cism Exam Uk


Jordan Tucker

Aug 3, 2024, 3:24:50 PM
to assulystrust


Disclaimer: Before I start, I would like to remind the viewers that if you do not have any positive things to comment, kindly save the trouble and refrain from commenting. I do not expect any "likes" or "comments" on this article. If you are not happy and if I'm one of your connections, please feel free to "un-friend" me. If you are not happy, not in my network and able to block me, again please feel free to do so. My intention in sharing is to benefit the appreciative folks in my network who would like to sit for the CISM exam, and not to criticise any certifications or downplay the value of those who would like to sit for the exam. Some of these security certifications have existed since some of you so-called "cybersecurity" kids were still in school. There are already so many negative happenings going on in the world right now, be it in the mainstream news or social media, so I personally would like to limit that exposure, especially when my intention is to benefit others. So, here I go:

I already have several certifications under my belt. CISM was not a difficult exam, but to me, it was by far the trickiest. I don't take certifications merely for the title but what matters most was the learning journey I went through with every exam, and the absurd amount of knowledge which I gained during the entire process. The recognition I gained from my peers after being certified is a bonus, which adds to the responsibility on my shoulders.

Since I oversee the internal IT Security function in my organisation, and am also the Deputy National IT Security Officer (CISO, in most organisations) and the Deputy Data Protection Officer (DPO), I was able to appreciate all the CISM exam contents in the official Information Systems Audit and Control Association (ISACA) CISM Review Manual, and sitting for the CISM exam seems to be the natural move to also gain the recognition of my peers in the organisation as the go-to person in this area - this is an added responsibility which I also look forward to.

I took three months to study for the exam. The first two months were a bit slow, as I spent them reading the entire CISM Review Manual. Although I can easily appreciate the contents due to my information security experience, the manual was pretty dry. Honestly, I felt what went into my brain was flushed out instantly, but I still went through the due process to complete reading the manual (only once) and answering the questions laid out in the manual.

I focused entirely on the CISM Questions, Answers and Explanations (QAE) database in the third month. I loved the QAE database, and although none of the questions in the exam came from the QAE database, you more or less will have an idea of how to answer the real exam questions after you have experienced the QAE database. The third month was a fasting month for us Muslims, so you can imagine me coming home from work, breaking my fast, performing my prayers and doing some of my office work before starting to study with the QAE database and the review manual as a guide from 11pm to 1am. I had to wake up at 4.30am to start my fast again the next day and do my pre-dawn prayers before getting ready for work. Luckily, it was the school holidays so I did not need to send my kids to school. That was my routine for the entire month.

The computer-based exam was interesting; the remote proctor was there to monitor and help you if you face any technical issues or if you have any questions (not specifically on the exam content, of course) during the exam. There's a camera attached to the computer. The room was very cold so I put one of my hands in my pocket, and used the other to control the mouse. The remote proctor told me via the chat window to put my hand on the desk. When I began the exam, I recited some prayers for the exam to go smoothly, and the remote proctor told me to stop talking. According to the proctor, the camera was able to detect mouth movements and whether the hands were away from the desk for a long time. It was a funny moment - cool video analytics, I thought. Thank god for my jacket! Please bring a jacket to the exam; you never know if the testing centre/room gets too cold. Overall, the remote proctor was very helpful. It was a great exam experience and I found this process to be very effective.

Though the exam experience was great, the testing centre was not so fantastic. I was in the same room with a few other guys who were probably sitting for other exams. There was this one guy behind me, possibly sitting for an essay exam, and he was hammering the keyboard like there's no tomorrow. I wanted to tell the proctor that I would like to ask the guy behind me to be more considerate, but I gave up that idea. The testing room was just outside the reception area; the receptionist was loud on the phone and there were groups of people congregating at the reception and happily chatting loudly. They were probably on their break. I had to re-read the exam questions many times because of all these noises and that frustrated me, so I was appreciative of the generous time ISACA allocated for us to sit for the exams.

Actually, this was the second testing centre, as the first one which I chose emailed me a month ago saying that they no longer provide testing for the CISM exam. As a result of that, I had to move my exam date earlier, as there was no later slot and I had until 30 June to sit for the exam. It was indeed a blessing in disguise.

When I started with the first few questions of the exam, I was shocked. These questions were not in the database, and the worst part was that I couldn't remember a single thing from the CISM review manual. I panicked and, in my mind, I started to plan the next time to re-sit the exam. After a few minutes of telling myself to just try my best, I calmed myself down and used my working experience instead to answer the questions. In fact, for most of the exam, I was relying on my infosec experience, which came in pretty handy. I really took my time to answer the questions and finished in 2.5hrs. Then, I took another hour to literally check all my answers one by one and oh boy, I was so glad I did that. I amended quite a few of my answers. I think the reason I was shocked in the first place was that, since I had been answering the 1000+ questions in the CISM QAE database over and over again for the past month, the real exam questions suddenly looked entirely different.

The advanced certification called CISM or Certified Information Security Manager targets IT professionals specializing in information security management. It demonstrates that a person has the skills and knowledge necessary to create and manage an enterprise infosec program. Information Systems Audit and Control Association (ISACA), a non-profit, independent group, provides this accreditation. Further, under ISO/IEC 17024:2003, the American National Standards Institute (ANSI) granted CISM accreditation in 2005, which means that ANSI approves the certification.

In the modern IT environment, administrators must protect systems from harmful external assaults and unauthorized internal changes. CISM training aids in the development of fundamental skills necessary for maintaining company IT security. To assist in carrying out duties required to protect and manage information systems, candidates will build and master critical thinking skills when preparing for the exam.

The importance of CISM, intended for current or future managers, is expanding as cybersecurity at the corporate level increasingly becomes a C-level and board activity. This certification is based on the idea that as infosec programs evolve, individuals need management credentials and the many technical qualifications that working with a significant cybersecurity operation calls for today.

It first equips you with a basic understanding of management and IT and security principles. Second, a wage rise is frequently a part of a career trajectory with CISM certifications. It is good to keep an eye on the future and the possible advantages this qualification may provide as you consider your alternatives. You join a group of top infosec experts, which is one of the most significant advantages. It demonstrates your dedication to your work and the information security field because this certification may be difficult to obtain.

This implies that obtaining this certification could improve your performance, credibility, and confidence in your career path in cybersecurity. Consider the advantages and disadvantages of CISM, which go beyond the enhanced work and income possibilities, before choosing if it is the best course of action.

CISM will test your knowledge of creating and maintaining an information security strategy aligning with corporate objectives. This strategy will direct the creation and continuing administration of the program. You will also be tested on developing and sustaining a governance roadmap to direct actions that support the infosec strategy. This also includes corporate governance so that the security program supports business goals and objectives.

To increase the likelihood that organizations will implement the security plan successfully, you will also be evaluated on your ability to win the support of senior management and other stakeholders. Then, on establishing lines of accountability and authority, you should be able to define and communicate security roles and duties throughout the company.

The CISM curriculum includes assessing your ability to choose the best risk management strategies for a company. You will also be asked if you can determine security measures to see if they are adequate and successfully reduce risk.

The test will evaluate your understanding of the discrepancy between existing and desired risk levels. Then, you will be tested on how to incorporate information risk management in IT and business operations. Finally, under this section, you will be tested on how to notify the proper management about non-compliance and other changes in information risk to aid decision-making.
