1. Remember all the bullet'd stuff in CRM (CISA Review Manual) and their order as many questions come in "which one of these is/is NOT primary means", etc.

2. It would help if you remember that business is the primary driver, and in case of controversial stuff, one that is closer to business is usually the winner.

3. CRM is where all the questions come from, so no matter what reference material you study to understand stuff, make sure that you read the relevant CRM material too.

4. It would help if you have their question bank (with answers , as it would help you see their point of view)

While i am all game for technical security stuff (is the reason y i study it, and i like it), compliance gives you 20K feet view of information security, something which is required, no matter the current stage of your career.

And all the best for the exams!

Thank you 

Hi Dynamik

Sorry for the goof-up! It was not till i read your reply that i understood the mistake i made by that upload. I'll keep it in mind. Thank you again

Initially, when i started out (that was around a month back), i had this (silly!) idea of solving this how-to-solve-GWAPT-problem not only for I but for all the people out there. Now i understand one thing, that i have to attack this thing and learn as i go forward.

Thank you. I hope to contribute to this site someday the way u people r doing ... till then, please keep it up!

Regards
Maanav

Dear Members

I am a new member. I have been following this site for many days. An inspiring site. Thank you all for such a wonderful repository! I'll try my level's best to contribute.

I have a request to make. I am an ISMS Implementer, wanting to make a foray into web application security. I have thought of preparing for GWAPT. Buying SANS courses are out of scope, so i have prepared a small plan. I would request all the members to have a look at it and help me to improve upon it. BTW, feel free to use it if it helps.

Thank you all
Maanav