3 Things you need to pass CISM
#ColdCyberWarmHuman
People and friends have asked, and these are the 3 things that helped me pass CISM in Aug 2020. I had no previous IT or cyber education.
1. A course that covers the four CISM domains and general IT knowledge. I used Thorteaches. I heard Cybrary is also good. Then Google anything for clarification.
2. Official Questions and Answers. Practice until you can reason out each answer. (You won't see any of them in the real exam, so avoid memorising.)
3. Read the Official Manual and take notes. Explain the nuances of different terms, e.g. AIW (MTD) vs. MTO, risk analysis vs. risk assessment.
I also bought the CISM All-in-One book but didn't get a chance to read it. Nice to have as a reference.
The key is to program your mind to "think like a business leader".
Create a strategy tailored to the execs' risk appetite. Get them from A (status quo) to B (desired state). Nothing more, nothing less.
Anything is just another risk. It needs to be verified and assessed first.
Prioritise. Prioritise. Prioritise. You won't be able to right every wrong (no matter how tempting). Do a Business Impact Analysis (BIA). Tie the risks/vulnerabilities to critical business processes ($$ or %) so that your good work makes sense to the execs, and so that you can be influential in the boardroom.
When incidents happen (and they 100% do), there is a working process in place to contain them and bounce back quickly. Job well done.
Does the answer give you the desired results?
In the exam, you will at times find multiple answers sensible. What has helped me is to pick the wording that gives:
The best coverage meaning-wise.
Not the right process, but the one that assures you of the final desired result.
Have a go: what is the correct answer?