EH-Net

w00t folks! passed the CISM exam that I took in June 2010!

now need to apply for the certification!

going for CISSP next year as company is paying for the exam fees and course fees (by ISC2 Kevin Henry!)

yes!  ;D

Congratulations!

Congrats, kennut.

Which resources did you use for studying?

thanks ziggy/awesec,

I used the review manual 2010, 450 Q&A CISM 2009, 100 Q&A 2009 and 2010 supplement. took me 3 months to prepare.

the review manual 2010 is very lengthy and to be frank too theory based. in otherwords, very long winded. I then used the Q&A 2009 and the supplements. although the sample questions wont be the exact same type coming out on the real exam, you have to understand how the questions was structured in order to tackle the exam!

CISM - is not too technical IMHO, but very business oriented and always related business with info sec alignment etc.

anyone taking it?  ;)

Congratulations Kennut!

And thanks for your feedback. It will certainly be helpful for future candidates.

It feels so good when companies are paying for the certification in a world which I believe was never before !!!  :D

I'll take a stab in December. I got my CISA results yesterday (pass), so that one's up next. I used pretty much the same resources as you, minus the 100 question supplement. I'll splurge for that on the CISM; I felt pretty shaky on this one.

Congratulations on your pass. What's up next?

Congrats kennut!

Me + CISM > Fail... Congrats on the pass. I have to re-take a stab at looking at this exam from a non-technical point of view. I don't agree with a lot of the answers. But, nevertheless I'll re-take it and study (at least I always say this). Dynamik, congrats on your pass as well ;) I just ordered a Brotby book (http://www.amazon.com/Information-Security-Governance-Engineering-Management/dp/0470131187/ref=sr_1_1?ie=UTF8&s=books&qid=1281705553&sr=8-1) so I could immerse myself in SABSA, "Strategic Direction", CMM and governance objectives. Sounds like so much fun! I plan on knitting some sweaters while I read. Going to be hard to get away from equipment :(

dynamik, hayabusa - thanks, I plan to do CISSP next, failed that end 2007, so plan to do again. Besides, that's part of my KPI for next year and since it's paid for exam and course fees, will take a stab at it!

dont' save on the supplement for CISM, sometimes, you'll be surpise that few questionaires are thrown out as bonus and looks exactly the exam questions!

sil - don't give up, cert is not that easy, but do have a mindset of info sec with business mind in place, sometimes we dont' agreed with ISACA's way of questionaires, but that's the fact we have to accept it if we want to pass the exam! CISA was to me harder than CISM, just that the different mindset you need to have and put another hat when doing CISM.

good luck to you and whoever taking it.  ;)

Here are a couple of other books that I've found to be pretty good that may help out with this one:

http://www.amazon.com/Enterprise-Security-Architecture-Business-Driven-Approach/dp/157820318X/ref=sr_1_1?s=books&ie=UTF8&qid=1281812697&sr=1-1

http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=sr_1_1?s=books&ie=UTF8&qid=1281812688&sr=1-1

Honestly, as good as they are, I stopped reading early on. I really have a hard time getting into this material and would much rather be playing with something more technical.

I think one thing that's really benefited me is that I'm a cert junkie, and having taken so many exams, I feel that I have gotten significantly better at determining what the question is asking and what they're looking for in terms of an answer. That may sound kind of stupid for anyone who hasn't taken an (ISC)2 or ISACA exam, but determining what the question is asking and knowing how to answer it in the way they want (not necessarily real-world) is as important as knowing the material itself. Seriously.