The CISM examination is difficult. Not only is there a lot of material to know and revise, but the exam is long—at four hours, it is much longer than many of us will have experienced during our formal education. Here are some tips from my own experience to help you through the ISACA exam process for all certifications.
Start with the practice exam in the CISM review book. You will find it to be hard work. I had to force myself to read each question carefully towards the end. Self-marking this exam identifies the areas for improvement in revision. Going through these questions will help you to understand the question format on the exam. These questions are not actual or even retired questions from an exam.
Revising effectively consists of three stages:
- Reviewing the practice exam—was that wrong answer a careless mistake or a lack of knowledge?
- Tailoring the revision—ISACA’s resources and other security publications are extremely useful. Make sure you learn ISACA’s preferred terminology.
- Learning the reasoning—the questions in the review book explain the correct answer and why the other options are false. This ensures both your knowledge and reasoning are sound. In hindsight, this was the most valuable part of my revision programme.
With the real exam nearing, re-take the practice test. I felt less tired and more in control this time around. I improved my score significantly, with consistent results across all the knowledge domains. Make sure to review incorrect answers and learn from them. However, do not be overconfident if you pass these practice exams. They are used for review and are not reflective of the questions being tested on the exam.
Read all the provided information about the exam administration—specifically the Candidates Guide, and take everything you need (particularly suitable ID) with you!
Most people will need to travel to the exam venue. Try to stay in a local hotel the night before as stress from delays or traffic will not help your chances of success. A good night’s rest is an excellent investment.
Once you arrive for the exam, after registration you will enter the exam room itself (often it will be rows of school desks). Relax. If you suffer from pre-exam nerves, try to delay your registration a little to minimise the time you spend waiting at your desk.
With a few hundred people in the room, it is quiet, but not silent. There will be a background of rustling paper, coughing and creaking chairs. Earplugs are provided, but you are not allowed to bring your own, nor noise-cancelling headphones.
A good exam technique is the method I was taught many years ago:
- Answer quick wins on a first pass.
- Spend longer on more difficult questions, but do not be afraid to move on.
- Revisit remaining questions, using reasonable methods to find an answer.
What’s Reasonable? You could:
- Identify wrong answers. This is why it is important to know not only why an answer is correct, but also why the other three are false.
- Use facts from other questions. If you are stuck on “What type of control is a firewall?” another question might ask “Preventive controls such as firewalls are useful in which scenarios?” You’ve been given the answer—thanks ISACA!
Finally, copy your answers to the answer sheet. Having learnt from previous mistakes, I now use this method:
- Copy the question book answers onto the answer sheet
- Ensure the correct dots are filled for each question
- Ensure exactly 200 dots are filled (as a final check)
If you have finished early, you can put your hand up and leave once an invigilator has collected your papers. You will be tired afterwards, so plan to relax, get some fresh air, have some lunch and move about a bit. Nobody wants to finish their exam day with an accident caused by tiredness.
Now, wait a few weeks for your results email… Good luck!
Darren Hampton, CISM
Head of Information Security at the University of Southampton