Description:
The CISM exam evaluates a candidate’s practical knowledge, including experience and application, of the job practice domains as described in this Review Manual. We recommend that the exam candidate look to multiple resources to prepare for the exam, including this Review Manual and the Questions, Answers & Explanation Manual or database, along with external publications. This section will cover some tips for studying for the exam and how best to use this Review Manual in conjunction with other resources.
Price:
Indian Professionals : INR 30000
International Professionals : US $600
GETTING STARTED
Having adequate time to prepare for the CISM exam is critical. Most candidates spend between three and six months studying prior to taking the exam. Make sure you set aside a designated time each week to study, which you may wish to increase as your exam date approaches.
Developing a plan for your study efforts can also help you make the most effective use of your time prior to taking the exam.
CISM Self-assessment
In order to effectively study for the CISM exam, you should first identify the job practice areas in which you are weak. A good starting point is the CISM self-assessment, available at http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Prepare-for-the-Exam/Pages/CISM-Self-Assessment.aspx
This 50-question sample exam follows the question distribution of the CISM exam and provides a high-level evaluation of your areas of need. When you complete the self-assessment, you will receive a summary of how you performed in each of the four job practice domains. You can use this summary to review the task and knowledge statements in the job practice and get an idea of where to focus your study efforts.
TYPES OF QUESTIONS ON THE CISM EXAM
CISM exam questions are developed to measure and test practical knowledge and the application of information security management principles and standards. All questions are presented in a multiple-choice format and are designed for one best answer.
The candidate is cautioned to read each question carefully. Many CISM exam questions require the candidate to choose the answer that is MOST likely or BEST, or to identify the practice or procedure that should be performed FIRST relative to the other options. In every case, the candidate should read the question carefully, eliminate known wrong answers and then make the best choice possible. Knowing that questions are framed this way, and studying with that in mind, will go a long way toward answering them correctly. Note that the best answer is the best of the choices provided: there can be many potential solutions to the scenarios posed, depending on industry, geographic location, etc., so the candidate should rely only on the information given in the question and determine the best answer among the options offered.
Each CISM question has a stem (the question) and four options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be a question or an incomplete statement. In some instances a scenario or description is also included; scenario-based questions normally describe a situation and require the candidate to answer two or more questions based on the information provided.
A helpful approach to these questions includes the following:
• Read the entire stem and determine what the question is asking. Look for key words such as “BEST,” “MOST,” “FIRST,” etc. and key terms that may indicate which domain or concept is being tested.
• Read all of the options, and then read the stem again to see if you can eliminate any of the options based on your immediate understanding of the question.
• Re-read the remaining options and bring in any personal experience to determine which is the best answer to the question.
Another point the candidate should keep in mind when preparing for the exam is that information security is a global profession, and individual perceptions and experiences may not reflect the broader international position or circumstance. Because the exam and the CISM manuals are written for the international information security community, the candidate must be somewhat flexible when reading a scenario that runs contrary to his or her own experience. CISM exam questions are written by experienced information security managers from around the world, and each question is reviewed by ISACA’s CISM Exam Item Development Working Group, which has international membership. This geographic representation helps ensure that exam questions are understood consistently across countries and languages.
PREPARING FOR THE CISM EXAM
The CISM exam evaluates a candidate’s practical knowledge of the job practice domains listed in this manual and online at www.isaca.org/cismjobpractice. That is, the exam is designed to test a candidate’s knowledge, experience and judgment of the proper or preferred application of information security management principles, methods and practices. Since the exam covers a broad spectrum of information security issues, candidates are cautioned not to assume that reading CISM study guides and reference publications will fully prepare them for the exam. CISM candidates are encouraged to refer to their own experiences when studying for the exam and refer to CISM study guides and reference publications for further explanation of concepts or practices with which the candidate is not familiar.
No representation or warranties are made by ISACA in regard to CISM exam study guides, other ISACA publications, references or courses assuring candidates’ passage of the exam.
TYPES OF EXAM QUESTIONS
CISM exam questions are developed to measure and test practical knowledge and the application of general concepts and standards. All questions are multiple choice and are designed for one best answer.
Every question has a stem (the question) and four options (answer choices). The candidate is asked to choose the correct or best answer from the options. The stem may be a question or an incomplete statement. In some instances a scenario is also included; scenario-based questions normally describe a situation and require the candidate to answer two or more questions based on the information provided. The candidate is cautioned to read each question carefully. A question may require the candidate to choose the appropriate answer based on a qualifier, such as MOST or BEST. In every case, the candidate should read the question carefully, eliminate known incorrect answers and then make the best choice possible.
To gain a better understanding of the types of questions that might appear on the exam and how they are developed, refer to the Item Writing Guide available at www.isaca.org/itemwriting. Representative CISM exam questions are available at www.isaca.org/cismassessment.
ADMINISTRATION OF THE EXAM
ISACA has contracted with an internationally recognized testing agency that engages in the development and administration of credentialing exams for certification and licensing purposes. It assists ISACA in the construction, administration and scoring of the CISM exam.
SITTING FOR THE EXAM
Candidates are to report to the testing site a minimum of 15 minutes prior to their scheduled testing appointment. Candidates who arrive after their scheduled time will not be allowed to sit for the exam and will forfeit their registration fee. To ensure that candidates arrive in time for the exam, it is recommended that candidates become familiar with the exact location of, and the best travel route to, the exam site prior to their scheduled test appointment.
The following conventions should be observed when completing the exam:
• Do not bring study materials (including notes, paper, books or study guides) or scratch paper or notepads into the exam site.
• Candidates are not allowed to bring any type of communication, surveillance or recording device (e.g., cell phone, tablet, smart watch, smart glasses or other mobile device) into the test centre. If a candidate is seen with any such device during the exam administration, the exam will be voided and the candidate will be asked to leave the exam immediately.
• Read the provided instructions carefully before attempting to answer questions. Skipping over these directions or reading them too quickly could result in missing important information and possibly losing credit.
• Answer every question. There is no penalty for wrong answers: grading is based solely on the number of questions answered correctly, so a skipped question can only lower the score.
• Identify key words or phrases in the question (MOST, BEST, FIRST …) before selecting and recording the answer.
BUDGETING TIME
The following are time-management tips for the exam:
• It is recommended that candidates become familiar with the exact location of, and the best travel route to, the exam site prior to the date of the exam.
• Candidates should arrive at the exam testing site a minimum of 15 minutes prior to their scheduled testing appointment. This will give time for candidates to be seated and get acclimated.
• The exam is administered over a four-hour period. With 150 questions, this allows about one and a half minutes per question, so candidates should pace themselves to complete the entire exam. To do so, candidates must complete an average of 38 questions per hour.
RULES AND PROCEDURES
• At the discretion of the CISM Certification Working Group, any candidate discovered engaging in any kind of misconduct can be disqualified. Misconduct includes giving or receiving help; using notes, papers or other aids; attempting to take the exam for someone else; or removing test materials or notes from the testing room. The testing agency will provide the CISM Certification Working Group with records regarding such irregularities. The working group will review reported incidents, and all working group decisions are final.
• Additional information on exam rules is available in the ISACA Exam Candidate Information Guide (www.isaca.org/examguide).
GRADING THE CISM EXAM AND RECEIVING RESULTS
The exam consists of 150 items. Candidate scores are reported as a scaled score.
A scaled score is a conversion of a candidate’s raw score on an exam to a common scale. ISACA uses and reports scores on a common scale from 200 to 800. A candidate must receive a score of 450 or higher to pass the exam. A score of 450 represents a minimum consistent standard of knowledge as established by ISACA’s CISM Certification Working Group. A candidate receiving a passing score may then apply for certification if all other requirements are met.
The CISM exam contains some questions that are included only for research and analysis purposes. These questions are not separately identified and are not used to calculate the candidate’s final score. Passing the exam does not grant the CISM designation. To become a CISM, each candidate must complete all requirements, including submitting an application and receiving approval for certification.
A candidate receiving a score less than 450 is not successful and can retake the exam by registering and paying the appropriate exam fee for any future exam administration. To assist with future study, the result letter each candidate receives includes a score analysis by content area. There are no limits to the number of times a candidate can take the exam.
Preliminary pass/fail results will be provided at the testing site immediately upon completion of the exam. Official CISM exam scores will be emailed approximately 10 days after the exam date. This email notification is sent only to the email address listed in the candidate’s profile at the time of the initial release of the results. To ensure the confidentiality of scores, exam results are not reported by telephone or fax. To prevent the email notification from being routed to a spam folder, the candidate should add certification@isaca.org to their address book, white list or safe senders list.
In order to become CISM-certified, candidates must pass the CISM exam and must complete and submit an application for certification within five years of the passing date (and must receive confirmation from ISACA that the application is approved). The application is available on the ISACA web site at www.isaca.org/cismapp. Once the application is approved, the applicant will be sent confirmation of the approval. The candidate is not CISM certified, and cannot use the CISM designation, until the candidate’s application is approved.
A processing fee must accompany CISM applications for certification.
For those candidates not passing the examination, the score report contains a subscore for each job domain. The subscores can be useful in identifying those areas in which the candidate may need further study before retaking the exam.
Unsuccessful candidates should note that the total scaled score cannot be derived by taking a simple or weighted average of the subscores. Candidates receiving a failing score may request a rescoring (hand score) of their answer sheet. This procedure confirms that no conditions interfered with computer scoring. Candidates should understand, however, that all scores are subjected to several quality control checks before they are reported; therefore, a rescore is unlikely to result in a score change. Requests for hand scoring must be made in writing to the certification department within 90 days following the release of the exam results. Requests received after that deadline will not be processed. All requests must include the candidate’s name, exam identification number and mailing address.
Chapter 1:
Information Security Governance
Section One: Overview
Domain Definition
Task and Knowledge Statements
Suggested Resources for Further Study
Self-assessment Questions
Answers to Self-assessment Questions
Section Two: Content
1.0 Introduction
1.1 Information Security Governance Overview
1.2 Effective Information Security Governance
1.3 Roles and Responsibilities
1.4 Risk Management Roles and Responsibilities
1.5 Governance of Third-party Relationships
1.6 Information Security Governance Metrics
1.7 Information Security Strategy Overview
1.8 Information Security Strategy Objectives
1.9 Determining the Current State of Security
1.10 Information Security Strategy Development
1.11 Strategy Resources
1.12 Strategy Constraints
1.13 Action Plan to Implement Strategy
1.14 Information Security Program Objectives
1.15 Case Study
Chapter 2:
Information Risk Management
Section One: Overview
Domain Definition
Task and Knowledge Statements
Suggested Resources for Further Study
Self-assessment Questions
Answers to Self-assessment Questions
Section Two: Content
2.0 Introduction
2.1 Risk Management Overview
2.2 Risk Management Strategy
2.3 Effective Information Risk Management
2.4 Information Risk Management Concepts
2.5 Implementing Risk Management
2.6 Risk Assessment and Analysis Methodologies
2.7 Risk Assessment
2.8 Information Asset Classification
2.9 Operational Risk Management
2.10 Third-party Service Providers
2.11 Risk Management Integration With Life Cycle Processes
2.12 Security Control Baselines
2.13 Risk Monitoring and Communication
2.14 Training and Awareness
2.15 Documentation
2.16 Case Study
Chapter 2 Answer Key
Chapter 3:
Information Security Program Development and Management
Section One: Overview
Domain Definition
Task and Knowledge Statements
Suggested Resources for Further Study
Self-assessment Questions
Answers to Self-assessment Questions
Section Two: Content
3.0 Introduction
3.1 Information Security Program Management Overview
3.2 Information Security Program Objectives
3.3 Information Security Program Concepts
3.4 Scope and Charter of an Information Security Program
3.5 The Information Security Management Framework
3.6 Information Security Framework Components
3.7 Defining an Information Security Program Road Map
3.8 Information Security Infrastructure and Architecture
3.9 Architecture Implementation
3.10 Security Program Management and Administrative Activities
3.11 Security Program Services and Operational Activities
3.12 Controls and Countermeasures
3.13 Security Program Metrics and Monitoring
3.14 Common Information Security Program Challenges
3.15 Case Study
Chapter 3 Answer Key
Chapter 4:
Information Security Incident Management
Section One: Overview
Domain Definition
Task and Knowledge Statements
Self-assessment Questions
Answers to Self-assessment Questions
Section Two: Content
4.0 Introduction
4.1 Incident Management Overview
4.2 Incident Response Procedures
4.3 Incident Management Organization
4.4 Incident Management Resources
4.5 Incident Management Objectives
4.6 Incident Management Metrics and Indicators
4.7 Defining Incident Management Procedures
4.8 Current State of Incident Response Capability
4.9 Developing an Incident Response Plan
4.10 Business Continuity and Disaster Recovery Procedures
4.11 Testing Incident Response and Business Continuity/Disaster Recovery Plans
4.12 Executing Response and Recovery Plans
4.13 Post incident Activities and Investigation
4.14 Case Studies
Chapter 4 Answer Key
General Information
Requirements for Certification
Description of the Exam
Registration for the CISM Exam
CISM Program Accreditation Renewed Under ISO/IEC 17024:2012
Preparing for the CISM Exam
Types of Exam Questions
Administration of the Exam
Sitting for the Exam
Budgeting Time
Rules and Procedures
Grading the CISM Exam and Receiving Results
© Copyright 2024 Veritas Consultancy. All Rights Reserved.