w00t folks! passed the CISM exam that I took in June 2010!

now need to apply for the certification!

going for CISSP next year as company is paying for the exam fees and course fees (by ISC2 Kevin Henry!)

yes! 

Congrats, kennut.

Which resources did you use for studying?

Congratulations Kennut!

And thanks for your feedback. It will certainly be helpful for future candidates.

I'll take a stab in December. I got my CISA results yesterday (pass), so that one's up next. I used pretty much the same resources as you, minus the 100 question supplement. I'll splurge for that on the CISM; I felt pretty shaky on this one.

Congratulations on your pass. What's up next?

Me + CISM > Fail... Congrats on the pass. I have to re-take a stab at looking at this exam from a non-technical point of view. I don't agree with a lot of the answers. But, nevertheless I'll re-take it and study (at least I always say this). Dynamik, congrats on your pass as well I just ordered a Brotby book (http://www.amazon.com/Information-Security-Governance-Engineering-Management/dp/0470131187/ref=sr_1_1?ie=UTF8&s=books&qid=1281705553&sr=8-1) so I could immerse myself in SABSA, "Strategic Direction", CMM and governance objectives. Sounds like so much fun! I plan on knitting some sweaters while I read. Going to be hard to get away from equipment

Here are a couple of other books that I've found to be pretty good that may help out with this one:

http://www.amazon.com/Enterprise-Security-Architecture-Business-Driven-Approach/dp/157820318X/ref=sr_1_1?s=books&ie=UTF8&qid=1281812697&sr=1-1

http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ref=sr_1_1?s=books&ie=UTF8&qid=1281812688&sr=1-1

Honestly, as good as they are, I stopped reading early on. I really have a hard time getting into this material and would much rather be playing with something more technical.

I think one thing that's really benefited me is that I'm a cert junkie, and having taken so many exams, I feel that I have gotten significantly better at determining what the question is asking and what they're looking for in terms of an answer. That may sound kind of stupid for anyone who hasn't taken an (ISC)2 or ISACA exam, but determining what the question is asking and knowing how to answer it in the way they want (not necessarily real-world) is as important as knowing the material itself. Seriously.