CISM is worth it: how I passed the CISM online proctored exam


[Figure: CISM exam result showing a pass]

  • CISM is among the top-paying certifications, with an annual salary of $148,622
  • Over 3 million unfilled cybersecurity jobs require qualified candidates
  • CISM is easier and pays more than the CISSP (5 reasons below)
  • The online proctored exam lets candidates sit the exam in their own home
  • Self-study resources and tricks I used to pass the CISM on the first try

Why is CISM important, or why do CISM?

The CISM certification is among the certifications offered by ISACA (Information Systems Audit and Control Association), a global association that serves more than 145,000 members in more than 188 countries.

1. Move into C-level

According to ISACA, the Certified Information Security Manager (CISM) certification indicates "expertise in information security governance, program development and management, incident management and risk management". It is a certification "for those with technical expertise and experience in IS/IT security and control and want to make the move from team player to manager."

By earning a CISM, you demonstrate an understanding that extends beyond the technical into the management domain as well.

2. Proves Expertise

CISM is an internationally accredited program with over 46,000 certification holders earning an average of $118,000, according to ISACA. Among the benefits of the CISM are the many open job opportunities: it helps a candidate stand out for the 3.5 million UNFILLED cybersecurity jobs.

A CISM certification proves expertise in information security governance, information risk management, information security program development and management, and information security incident management.

3. CISM pays more

CISM is among the top-paying certifications of 2020, ranked number three with an annual salary of $148,622 according to Global Knowledge. In comparison, the CISSP is ranked number six with an annual salary of $141,452 on the same list. If your goal is to increase your income and influence in your organization, then this is your certification.

4. Advice from ISACA CISM holders

In the ISACA video "CISM Certification Holders Give Advice to Professionals Considering Certification" (7:30 minutes), the CISM is described as:

  • a globally recognized certification that enables the holder to demonstrate a core understanding of governance and risk concepts
  • a differentiator from competitors that enables the holder to stand out and win business
  • highly regarded in the security and audit communities, and by regulators as well
  • relevant in a dynamic cybersecurity environment; CISM acts as a baseline for understanding and reacting appropriately to change in order to securely implement a governance and security program
  • from a well-respected organization with a strong focus on security and IT controls

How to study, prepare and pass CISM

Here are the resources I used in my self-paced CISM exam preparation:

1. ISACA CISM forums
2. CISM Review Questions, Answers & Explanations Database
   Access to the database costs $299.00 for members and $399.00 for non-members. Access is granted for 12 months to complete and pass the CISM exam.
3. Cybrary CISM course by Kelly Handerhan
4. ISACA Glossary
5. Reddit CISM forum

So where to start? Start with the free ISACA practice quiz for a back-of-the-envelope assessment of your level on the CISM concepts, and review the ISACA glossary too. You may also bookmark this page or leave a comment on what you need help with.

Where to take CISM exam

CISM certification exams can now be taken via online remote proctoring or at an in-person testing center. Due to the COVID-19 pandemic, I decided to use the online remote proctored exam, which basically means that I registered to take the exam at home with an exam supervisor watching me through the webcam for the whole duration of the exam. Tips to consider:

  • Schedule the exam for early morning. The CISM is a 4-hour exam of 150 questions, which can be a drain on your mental capacity. I scheduled mine to start at 07:00, just after a good night's sleep.
  • Check in and log in to the ISACA exam portal an hour before the exam, and confirm that you have the required documentation ready and that your computer works. I had an Ubuntu computer ready, but I could not install the secure browser executable required to access the exam. Luckily I had a Windows computer lying around that I could quickly use.
  • Be sure to be in a room without distractions. I had to go out to use the toilet, and this required asking the remote supervisor for permission; when I came back, there was a new clean sweep of the room and re-verification that it was really the candidate again. The exam clock is not stopped; it keeps counting through all the re-verification activities when the candidate returns. Be sure to spend your time wisely and minimize distractions.

Who can do CISM certification?

Anyone can take the exam. You need to register and pay an exam fee of US$575 (members) or US$760 (non-members). I recommend that you pay the ISACA membership fee and then the member exam fee rather than paying the non-member fee, because ISACA has a CISM question database of 1,000 questions that are very good practice in the exam format.

During my preparation using the CISM exam database, as shown in the figure below, I made sure to reach an overall score of 87%, with per-domain scores of: Information Security Governance (91%), Information Risk Management and Compliance (86%), Information Security Program Development/Management (82%), and Information Security Incident Management (93%).

The exam database contains over 1,000 questions and gives the candidate results by job practice domain, with instant insight into where weaknesses might be, enabling a focused study effort.

[Figure: CISM Review Questions, Answers & Explanations Database scores by question domain]

Does CISM certification expire?

The certification can lapse if the holder does not submit the required Continuing Professional Education (CPE) credits. Keeping the CISM certification active and in good standing requires annual renewal: earning and reporting a minimum of 120 CPE hours within three years and paying the annual maintenance fee are among the requirements.

CISM exam retake policy

The retake policy states that candidates who do not pass on their first attempt may retake the exam up to 3 more times within 12 months of the date of the first attempt, paying the full exam registration fee for each attempt. Candidates must wait 30 days from the date of the first attempt, and thereafter 90 days after the second and third attempts, according to the Exam Candidate Information Guide.

Is CISM harder than CISSP?

I have attempted and passed both exams on the first try and have written about it previously. I passed the CISSP last year, before passing the CISM this year. I found studying for and passing the CISM easier than the whole experience with the CISSP, and here are other reasons that reinforce that view:

  1. The CISM is a 4-hour exam, while the CISSP is only 3 hours for the same number of 150 questions.
  2. In the CISM you can flag difficult questions and come back to them later, unlike the CISSP exam, where once a question is answered there is no chance for later review (in the case of the Computerized Adaptive Testing English exam).
  3. ISACA offers access to a practice question/answer database, but nothing similar is available from ISC2 for the CISSP exam.
  4. The volume of study material I used to prepare for the CISM is much less than what I used to prepare for the CISSP. For instance, I did not buy any physical books but relied on the ISACA database and the online resources mentioned above.
  5. There is more technical material in the CISSP study material than what I encountered in the CISM material. This might be a reason for candidates without a technical background to regard the CISSP exam as harder (regardless of whether the technical material shows up in the exam questions or not).

Bottom line:
Study for the CISM to prove your expertise, advance your career from technically focused domains into management and C-suite domains and, as a result, increase your influence and income.
