How I Passed the CISM Exam on the First Attempt

Author: Adham Etoom, PMP®, GCIH®, CRISC®, FAIR™, CISM®, CGEIT®, Head of Policy & Compliance at National Cyber Security Center of Jordan
Date Published: 19 May 2020

Updated: 12 May 2023

In March 2019, I passed ISACA’s CRISC exam and became certified the next month. This achievement motivated me to pursue another ISACA certification – the Certified Information Security Manager (CISM).

Two of ISACA’s credentials rank among the 15 highest-paying tech certifications in 2022: CISM and CISA, with CRISC close behind them. In addition, CISM remains one of the most recognized IS/IT certifications in the world, and it was recognized by SC Media as the Best Professional Certification Program for 2020 and a finalist for the same in 2021. I am so proud to hold two ISACA certifications so far.

The key differentiator of the CISM is its 30,000-foot view: it concentrates on the strategic dimension of information security governance, program development and management, and on controlling the probable impact of information security on organizational success. The current CISM job practice covers four domains in information security management:

  • Domain 1: Information Security Governance (17%)
  • Domain 2: Information Security Risk Management (20%)
  • Domain 3: Information Security Program (33%)
  • Domain 4: Incident Management (30%)

How I Prepared for the CISM Exam

My preparation time for the CISM exam was relatively short; I chose self-study as it was more convenient for me and allowed for better time utilization. The key resources that you need to pass the exam are:

  • Exam Candidate Guide
  • CISM Planning Guide
  • CISM Review Manual 16th Edition
  • CISM Review Questions, Answers & Explanations (QAE) Manual 9th Edition

Below are my study tips for ISACA’s CISM exam:

  • Planning, studying and measuring in a consistent manner are the key to your exam success. Prepare well in advance, set aside the study time and obtain the resources you need.
  • A good starting point is to try the official 150-question sample exam, which can be found at the end of the QAE Manual.
  • You need to know the CISM job practice areas (domains, knowledge statements, task statements).
  • Study the CISM review manual cover-to-cover at least once.
  • Practice the CISM Review Questions, Answers & Explanations as much as you can. You should be able to explain why you answered correctly as well as why the other answers are incorrect. Remember: Practice makes perfect.
  • I observed that getting 80% of the total QAEs correct is a reasonable baseline indicator of overall comprehension of the job practice areas.
  • Take notes, including adding the reference notes whenever needed, and keep your plan sheet up to date.
  • At this point, you can book your exam in advance so you stay on schedule. Check whether you have reached the baseline or above and keep studying until you reach a reasonable confidence level. If needed, you can reschedule the exam up to 48 hours before the booked date and time slot.
  • Review your gaps using the CISM Review Manual and the QAEs.
  • Keep your schedule in check, and study at various time slots of the day and week. If you feel tired, don’t try to study.
  • Relax the day before the exam and don’t study too much. Minor review is fine. Good sleep the night before is a critical success factor.

The Exam Experience (Remote Proctored Exam)

  • My first CISM booking was scheduled for 17 March 2020, but PSI canceled it due to the COVID-19 lockdown; all testing centers in Jordan closed. I approached PSI and ISACA to express my interest in taking the exam proctored at home, but the option wasn’t available at that time. Fortunately, ISACA was able to provide remote proctored exam access at home two weeks later.
  • I rescheduled my exam for 17 April 2020. For the technicalities of the remote proctored exam, you need to:
    • Perform a PSI exam compatibility test on your PC before your exam day, and again on exam day, to make sure the audio, video and bandwidth requirements are in order.
    • Download the PSI Secure Browser (this step can only be done within the 30 minutes before the intended exam time slot).
  • You must provide official ID for check-in purposes (such as a passport), and must follow the check-in process and exam rules as stated in the remote proctored exam policy.
  • The room must remain quiet during the whole exam.
  • The exam itself was like any other exam: if you are well prepared, you will clear it through practice and self-confidence.
  • Have a strategy to tackle the exam. I strongly recommend reading each question twice carefully before you answer, paying extra attention to the distractors, and then making a decision. Keep moving this way until you finish all 150 questions.
  • Don’t waste more time on questions that are confusing you; just flag them and move on. In the remaining time, do another round of review.

ISACA led the way in tackling the uncertainty caused by the COVID-19 pandemic by offering remote proctored exams.

You will likely want to customize your exam preparation according to your unique needs, but I am highly confident that setting up a proper roadmap to achieve your objective will create a high likelihood of passing the CISM exam. Once you pass, don’t forget to celebrate this big SUCCESS and remember that hard work pays off sooner or later.

I can confidently assure you that the CISM is well worth the time and effort. It is a great certification that changes and shifts mindsets like no other. I wish you the best of luck.