
Wednesday, 15 October 2014

ISACA CISM and CISA FAQ: You have less than 9 days to register!


The deadline to register for your December CISA and CISM exam looms ever closer. You now have less than 2 weeks to apply before registration closes on the 24th October.

So whether you’ve already registered or are just about to, now is certainly the time to refresh your knowledge about the upcoming 13th December CISM or CISA exams.


Q. When is the next CISM and CISA exam?

The next CISM and CISA exam is on the 13th December 2014.


Q. When can I register for the December exam?

Right now! You don’t have long until registration closes on the 24th October!

Miss this and your next chance to take the CISA and CISM exams will be in June 2015 (the date is currently unannounced). 


Q. I’m not sure if I’m ready for the exam, how can I tell?

ISACA provide a handy Self Assessment Test for both the CISA and CISM exams.

These self-assessments help candidates gauge their knowledge of the CISM and CISA practice areas respectively. Each assessment contains 50 sample items covering the relevant subject matter to match the exam blueprint.

Plus, these items are representative of the types of questions you could get on your CISM / CISA exam.

You’ll be in a great position to determine your strengths and weaknesses after taking these tests. If you can locate any gaps in your knowledge, you’ll be able to focus your studying better.


Q. I want to speak to other people who are also revising for their CISM and CISA exams - are there any forums I can use?

ISACA have developed a community exclusively for CISA and CISM exam registrants.
These forums allow you to share ideas, experiences, questions and study resources with other like-minded professionals.

Both the CISA and CISM communities are intended to help you prepare for your exams. Chapter certification coordinators (part of the ISACA Chapter group who help promote IS audit and security professions) have also been invited to reply to questions and share their study methods.

These forums are moderated by past top exam scorers who facilitate and drive discussion. You can find the forums here:

Q. I can’t make the exam I registered for, can I defer?

If you can’t make the exam, you’re able to request a deferral of registration fees to the next exam date.

Defer the December exam and you’ll have to wait until the next one runs in June 2015. If you want to defer your December 2014 exam to June 2015 and you apply on or before 24th October 2014, you’ll be charged a US $50 processing fee.

Defer later than 25th October 2014 and you’ll be charged a $100 processing fee.

Keep in mind, December 2014 deferral requests will not be accepted after 28th November 2014.

If you need to defer your December exam, you can do so either online or by fax. You can submit your deferral on ISACA’s website.


Q. How are the CISM and CISA exams scored?

ISACA uses a 200-800 point scale with 450 being the passing mark for both the CISA and CISM exams. It is worth noting that the exam score is not based on arithmetic or percent average.

For example, a scaled score of 800 represents a perfect score with all 200 questions correct; whilst a scaled score of 200 is the absolute lowest score attainable and signifies that only a small number of questions were correct.

A score of 450 represents a minimum consistent standard of knowledge required by the ISACA Certification Committee. 


Q. If I want to comment on the testing conditions – how will I do so?

If you want to comment about the testing conditions, you’ll have a chance to do so at the end of your testing session by completing ISACA’s ‘Test Administration Questionnaire’, located at the back of your exam booklet.


Q. Why do I have to wait 5 weeks for ISACA to process my exam results?

ISACA take the processing of exam results seriously. The performance of each item is carefully reviewed to ensure it performed in a fair and consistent way.

A review of the preliminary statistical analysis begins a week or two after the exams finish. This analysis is conducted in up to 10 languages, across all 4 ISACA exams.

ISACA state this is an essential step because it identifies items that performed poorly. These items with poor performance are then reviewed by members of their respective certification committee. If an error, inconsistency or anomaly is discovered the answer’s weighting can be adjusted to ensure candidates are not penalised for ISACA’s error.


Q. Why don’t ISACA offer their exams electronically? This is 2014 after all…

Since most ISACA certified professionals are typically IT professionals, you might expect them to conduct their examinations with the use of computers.

ISACA re-evaluates their transition to a computer based testing environment every year. However, they have not as yet been able to achieve an online exam environment that would be more efficient, more secure and more affordable.

Their research has indicated that suitable CBT sites are not available in many of their 250 locations. They also note that competitors who moved to CBT raised their exam fees massively (often by 100%) to compensate.


About the Author:       
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry. 

Monday, 11 August 2014

What your cert’s worth: security salaries under scrutiny


Security roles have always been in the top half of the “IT salary hierarchy” and that seems unlikely to change anytime soon. According to a recent article on Tripwire, businesses are investing more than ever in order to protect themselves from security threats. Of course, these investments include the recruitment and/or training of capable IT security staff.

Infographic created by the University of Alabama

With IT security becoming a top priority for businesses, certifications like the CISSP, CISA or CISM are gaining even more recognition. So if you’ve got one of these acronyms next to your name, you’re off to a great start in earning a high salary. Here are some of the average salaries in the UK for jobs requiring the following IT security certs, according to ITJobswatch.com:
  1. ISACA CGEIT - £45,000
  2. EC-Council CEH - £49,000
  3. EC-Council CHFI - £51,500
  4. ISACA CISM - £55,000
  5. ISACA CRISC - £55,000
  6. (ISC)2 CISSP - £55,000
  7. ISACA CISA - £55,750
  8. ISACA COBIT - £57,500

ISACA Certified in the Governance of Enterprise IT (CGEIT) - £45,000

Certified in the Governance of Enterprise IT (CGEIT) is a program designed for professionals directing, managing and supporting enterprise IT governance. Holders of CGEIT are experts in risk management, performance measurement, value delivery and the governance and management of IT. As a CGEIT, you’ll earn an average salary of £45,000.

EC-Council Certified Ethical Hacker (CEH) - £49,000

Beat a hacker, by thinking like one. With EC-Council’s Certified Ethical Hacker certification you’ll know how to defend against the latest techniques used to exploit your organisation’s vulnerabilities. The CEH stretches far beyond the field of penetration testing and into everyday application and network security. Certified Ethical Hackers on average earn around £49,000.



EC-Council Computer Hacking Forensics Investigator (CHFI) - £51,500

EC-Council’s CHFI certification teaches you the use of forensics tools, analytical techniques, and procedures involved in obtaining, maintaining, and presenting computer forensic evidence and data in a court of law. Computer Forensics experts with a CHFI can earn £51,500 on average.

ISACA Certified Information Security Manager (CISM) - £55,000

CISM by ISACA is a widely recognised credential for IT security professionals specialising in managing, developing and overseeing information security systems and for developing best security practices. CISM certified professionals have proven skills in risk management, governance and incident management as well as program development and management. Similarly to CRISC, CISM holders have good prospects of earning an average salary of £55,000 a year.

ISACA Certified in Risk and Information Systems Control (CRISC) - £55,000


ISACA’s CRISC is for experienced IT professionals working in the fields of technology risk management and Information Systems Control. CRISC-holders can manage risk design and oversee response measures, scan and monitor systems for risk, and meet their organisation's risk management strategies. The average salary offer for CRISC certified professionals is around £55,000.




(ISC)2 Certified Information Systems Security Professional (CISSP) - £55,000

(ISC)2’s CISSP demonstrates your expert skills in developing, guiding, and managing security standards, policies, and procedures within your organisation. The certification is considered to be one of the most prominent and prestigious security credentials out there, which is due to its rather demanding prerequisites. As a Certified Information Systems Security Professional you can be earning an average salary of £55,000.

ISACA Certified Information Systems Auditor (CISA) - £55,750

CISA is a globally renowned credential for Information Systems audit and security experts. CISA certified professionals possess the necessary skills, knowledge and expertise to identify and manage vulnerabilities and risks within their organisations, while implementing solutions to deal with them. The average salary for CISA holders is around £55,750 per annum.

ISACA Control Objectives for Information and Related Technology (COBIT) - £57,500

ISACA’s COBIT framework helps you to maximise the value of Information Technology within your organisation. With this certification under your belt, you’ll know how to achieve strategic goals and minimise risks, whilst optimising the cost of IT services. COBIT certified professionals earn an average salary of £57,500.

There you have it, the worth of some of the top security certs expressed in monetary terms. And don’t forget, the more experience you have, the closer you get to making these numbers even bigger.


Thursday, 31 July 2014

Your stories: which course would you attend first, if you won Free Training for Life?




Which would be your first certification, if you won Firebrand's Free Training For Life competition? You'd get free access to over 160 training courses from the likes of Microsoft, Cisco, EC-Council, CompTIA, PMI and many more. Whether you're working in IT security, cloud computing or project management, you'd find the courses you need to climb up the career ladder.

We asked you to share your “first course choices” on our Google+ page, because we were curious about your picks and the stories behind them.

Reading your responses was thoroughly enjoyable. Some of them were witty, well-justified and thought-provoking, so it was hard to pick the Top 5. But at last here they are, the best answers from 5 lucky winners of 100 extra tickets to Free Training For Life:

It’s extremely important to keep your networks safe and this response seems to agree.

“If I won FTFL I would choose the Cisco CCNA and CCNA Security as my first course, as I know that I would then be able to protect my systems and myself without physical confrontation. I am small so actual confrontation has never gone well for me. So having that card in my back pocket will set me off on the right path. I would then go down the project management side of things and do PRINCE2 course and other courses related to project management.” – Rachel

Some of you have already attended training with Firebrand, so you know what to expect and how to further develop the skills you’ve already got.

“If I won FTFL it would be a toss-up between Certified Ethical Hacker (CEH) and CompTIA Sec+. Having done CompTIA A+ I thoroughly enjoyed the course and loved the introduction into cryptography, the AAA of computing, types of attacks and various methods of procuring data - I had no idea that it was so in-depth and that was just a skim over the subject.

Having developed an appetite for it, I think both courses would be a great next step, though I think the CEH would provide a unique insight into security from the side of the intruder. I spoke to some people doing the course whilst doing my CompTIA A+ on the Firebrand campus and they spoke very highly of the course and learned a lot.

I'd also build up my Comp TIA A+ a little more with N+ and then work through ITIL before potentially branching into CISM or CCNA. I plan to build a wide-ranging skillset throughout my career and hopefully Firebrand will be the ones to help me do it!” – David

This could be you in a few months' time. Watch Joseph, last year's winner, talk about his certification plans.


Having a solid foundation is essential in preparing for long-term future goals.

“With so much choice it's not an easy decision. It would be either the CompTIA Trifecta [A+/N+/Sec+] to gain a solid foothold in an IT career or a Cisco CCNA qualification. Cisco would be the ideal choice as in today’s ever increasingly "Connected" world this would probably be the most future proof qualification, as networks are always going to be required and therefore the properly certified individual will be the 'Key player' to keep this moving forward.” – Paul

We can’t stress this enough: you can beat a hacker, if you can think like one.

“I would go for the EC-Council CEH v8 to acquire the required skillset needed to help keep networks more secure. It's like the saying...to catch a thief, you have to think like a thief. With Firebrand Training, that dream would become a reality…” – Clevelon

If you’re familiar with what you need to make progress, you have a very good chance of reaching your goals.

“If I win the FTFL Competition, I will start with the BCI Certificate Training. The reason is because as an IT practitioner, my chosen area of specialty is IT Management, and with the Five Core Modules of the BCI Curriculum (1. Policy, Programme Management and Culture; 2. Understanding the Organisation; 3. Determining Business Continuity Strategy; 4. Developing a BCM Response; 5. Exercising, Maintaining and Reviewing BCM Arrangements) I should be able to gain the requisite foundation for a start in the Sphere of IT Business Management.” – Imo

As you see different people have different preferences and ideas about their future. We’d be delighted to hear more of your stories. Tell us which course you’d take first, if you won Free Training For Life. You can do so on the Firebrand Google+ page.

Send us your story of which course you'd take and why, and the best ones will again be rewarded with 100 extra entries and a "Failure Is Not An Option" t-shirt.


Tuesday, 15 April 2014

Top tips for passing your CISM or CISA exam



ISACA extended its exam registration deadline until 22 April, which means one thing: it’s time to start preparing.

CISA and CISM are top credentials for IT security professionals specialising in managing, auditing, developing and reviewing information security systems and for developing best organisational security practices. Because of their high prestige, CISA and CISM are not easy to get, but if you follow these tips, you’ll be on the right track:

  • First things first: read ISACA’s CISA or CISM review manual, as it provides you with the content, structure and main topics of the exam. Make sure you understand the key areas, but don’t just focus on the main bits; read everything at least once. It's better not to leave things to chance, right?
  • Take notes. It may be old school, but it works. Writing things down helps you remember and familiarise yourself with the concepts.
  • Once you're confident in your knowledge of most, if not all of the basic concepts of CISA or CISM, you can start testing yourself. Read the review questions, answers and explanations.
  • Remember, you’re not a student. You're an IT professional, and you have to manage IT systems efficiently, whilst making good, informed decisions.
  • Last minute revision: some say it’s good, some say it’s bad. Your call. Because you can’t take the CISA or CISM review manuals into the exam, it may be worthwhile to skim through the key areas 30 min before the exam.

Some people tend to get more nervous than others when it comes to taking an exam, so here are some general tips for keeping your cool before and during your exam:

  • Take a break every now and then. Doing long sessions of study or revision without a break won’t get you far, because you’ll lose focus. Take at least a 5-10 minute break for every 50 minutes of work.
  • Read it out. Verbal memorisation is often a better way to learn than just reading in silence.
  • Drink plenty of water to stay focused and hydrated.
  • Try to avoid caffeine. Whether it’s a cup of coffee or a can of Red Bull, caffeine will make you feel more anxious, so try to avoid it before going to your exam.
  • Do a bit of exercise. It gets your blood flowing and you’ll feel fresh. It also increases your focus.

Good luck. 


Monday, 24 March 2014

Digital Badges for ISACA Credential Verification



ISACA has decided to take countermeasures against fraudulent security credentialing with the use of Open Badges. Open Badges by Mozilla are digitally displayed badges and in this case, they will be awarded to those who have completed training and acquired an ISACA certification.

How does it work?

Open Badges are secure digital representations of ISACA credentials, such as CISA, CISM, CGEIT or CRISC. They can be embedded into emails, personal websites, a résumé, as well as social and professional networking websites, such as Facebook and LinkedIn. Displaying your open badge across social platforms offers potential employers an easy way to verify and evaluate your competencies and achievement.
Once someone clicks on the badge, it calls up a set of metadata that verifies the certification and summarises the qualifications and the process required to earn it.
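To make the "calls up a set of metadata" step concrete, here is an added example (not ISACA's or Mozilla's code) of the checks a badge viewer performs on an Open Badges 1.x hosted assertion: the JSON must come from the URL it names, the recipient hash must match the claimed e-mail, and the badge must not be expired. The issuer host, uid, salt and e-mail address are constructed placeholders, not ISACA's.

```python
"""Offline check of an Open Badges 1.x style hosted assertion.

Added example, not ISACA's or Mozilla's code. It mirrors what a badge viewer
does when a badge is clicked: fetch the assertion JSON from the URL it names
and confirm it belongs to the person presenting it.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample assertion (placeholder issuer host, uid, salt and e-mail;
# not a real ISACA badge). In the hosted model this JSON is expected to be
# served at exactly the URL named in verify["url"], on the issuer's own host.
_SALT = "constructed-salt"
SAMPLE_EMAIL = "jane@example.com"
ASSERTION_URL = "https://badges.issuer.example/assertions/example-0001.json"
SAMPLE_ASSERTION = json.dumps({
    "uid": "example-0001",
    "recipient": {
        "type": "email",
        "hashed": True,
        "salt": _SALT,
        # Open Badges 1.x stores hash(email + salt), so a viewer can confirm
        # the recipient without the issuer publishing the e-mail address.
        "identity": "sha256$" + hashlib.sha256((SAMPLE_EMAIL + _SALT).encode()).hexdigest(),
    },
    "badge": "https://badges.issuer.example/badges/cism.json",
    "verify": {"type": "hosted", "url": ASSERTION_URL},
    "issuedOn": "2014-03-24T00:00:00Z",
    "expires": "2017-03-24T00:00:00Z",
})


def _parse_time(value):
    """Accept the two forms Open Badges 1.x allows: ISO-8601 or Unix seconds."""
    if isinstance(value, datetime):
        return value
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(str(value).replace("Z", "+00:00"))


def recipient_matches(assertion, email):
    """True if the assertion's recipient identity is this e-mail address."""
    rec = assertion.get("recipient", {})
    if rec.get("type") != "email":
        return False
    identity = rec.get("identity", "")
    if not rec.get("hashed"):
        return identity.lower() == email.lower()
    algo, _, digest = identity.partition("$")
    if algo not in ("sha256", "md5"):
        return False
    computed = hashlib.new(algo, (email + rec.get("salt", "")).encode()).hexdigest()
    return hmac.compare_digest(computed.encode(), digest.lower().encode())


def verify_assertion(assertion_json, fetched_from, claimed_email, now=None):
    """Return the list of problems found; an empty list means the badge checks out.

    fetched_from is the URL the viewer actually retrieved the JSON from. A badge
    image copied onto another site fails here, because that site's URL is not
    the one the assertion names (and the issuer would not serve the JSON there).
    """
    now = _parse_time(now) if now is not None else datetime.now(timezone.utc)
    problems = []
    try:
        a = json.loads(assertion_json)
    except ValueError:
        return ["assertion is not valid JSON"]
    verify = a.get("verify", {})
    if verify.get("type") != "hosted":
        problems.append("unsupported verification type")
    url = verify.get("url", "")
    if urlparse(url).scheme != "https":
        problems.append("assertion is not served over https")
    if url != fetched_from:
        problems.append("assertion URL does not match verify.url")
    if not recipient_matches(a, claimed_email):
        problems.append("recipient identity does not match")
    if "issuedOn" in a and _parse_time(a["issuedOn"]) > now:
        problems.append("issuedOn is in the future")
    if a.get("expires") and _parse_time(a["expires"]) <= now:
        problems.append("badge has expired")
    return problems


if __name__ == "__main__":
    when = "2015-01-01T00:00:00Z"
    print("genuine:", verify_assertion(SAMPLE_ASSERTION, ASSERTION_URL, SAMPLE_EMAIL, when))
    print("copied :", verify_assertion(SAMPLE_ASSERTION, "https://other.example/a.json", "bob@example.com", when))
```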


“ISACA credentials are in demand by employers worldwide, and we are glad to offer our certification holders the opportunity to utilize open badges to demonstrate their accomplishments… Open Badges offer an efficient method for current and potential employers to validate a certification, and also give certification holders a simple and effective opportunity to tell their professional story and enhance their recognition.” said Allan Boardman, International Vice President of ISACA and Chair of ISACA’s Credentialing and Career Management Board, in a recent statement.

Which is your ISACA course?

CISA, CISM, CGEIT, CRISC. We run them all, just pick the one that suits you best. Visit our course page and view more details about accelerated ISACA training courses.

ISACA’s exam registration deadline is near

ISACA only runs its exams three times a year, with the next one coming up on 14th June. If you want to take your exam as early as possible, you have to register by 11th April, which is the final registration deadline for the June exam.

Have you already completed your course and registered for the exam? Well done, here are some revision tips for passing your exam! 


Monday, 3 February 2014

What you'll learn on the CISM course



Certified Information Security Manager (CISM) is a top credential for IT security professionals specialising in managing, developing and overseeing information security systems and for developing best organisational security practices. The credential suits the needs of IT security professionals with enterprise level security management responsibilities.

CISM certified professionals have advanced and proven skills in:
  • Security Risk Management
  • Program Development and Management
  • Governance and Incident Management
  • Responding to Incidents

CISM credential holders must agree to the CISM Code of Professional Ethics, pass the examination, possess at least five years of security experience and submit a written application to qualify.

What CISM gives you

Organisations and government agencies increasingly recognise, require and expect their Information Security and Information Technology professionals to hold CISM certification, because it:
  • Demonstrates your understanding of the bigger picture, i.e. the relationship between an information security program and general business objectives
  • Distinguishes you as having not only the information security expertise, but also the knowledge and experience in developing and managing an information security program
  • Is considered essential to on-going education, career progression and value delivery to enterprises
  • Provides the organisation with a certification for Information Security Management that is recognised by multinational clients and enterprises, lending credibility to you as well as your organisation

As a CISM, you’ll be able to:
  • Identify critical issues and tailor organisation-specific practices to support the governance of information and related technologies
  • Oversee and direct information security activities to execute the information security program
  • Develop and manage a capability to respond to and recover from disruptive and destructive information security events
  • Design, develop and manage an information security program(me) to implement the information security governance framework

To learn more about the benefits of CISM, watch the following short video featuring CISM certified IT professionals:




Tuesday, 7 January 2014

The hottest certifications for 2014




The value of IT and Project Management certifications has increased immensely, as IT security, risk management, project management and computer forensics experts are more and more in demand.

According to the European Commission "there will be a deficit of over 900,000 trained IT staff in Europe by 2015”. Firebrand compiled a list of this year’s hottest IT and Project Management certifications to help you make the most of the 100,000s of job opportunities.

CISSP - Certified Information Systems Security Professional

The CISSP is an advanced level certification for information security professionals. As a CISSP, you’ll be an expert in developing, guiding, and managing security standards, policies, and procedures within your organisation.

(ISC)2 designed and developed CISSP for experienced security professionals. To obtain this certification, you’ll need a minimum of 5 years’ experience in at least two of the following (ISC)2 common body of knowledge domains:
  • Access Control
  • Telecommunications and Network Security
  • Information Security Governance and Risk Management
  • Software Development Security
  • Cryptography
  • Security Architecture and Design
  • Operations Security
  • Business Continuity and Disaster Recovery Planning
  • Legal, Regulations, Investigations and Compliance
  • Physical (Environmental) Security

The CISSP will be one of this year’s most sought after IT certifications and an overall must-have for IT security professionals.

PMP – Project Management Professional

Developed by project managers, PMP is the highest level credential offered by the Project Management Institute (PMI). The certification is designed to ensure that PMP holders possess the skills and qualifications to successfully manage all phases of a project, including:
  • Initiating
  • Planning
  • Scheduling
  • Controlling
  • Monitoring
  • Closing the project

PMP certified professionals are also experts in managing all aspects of the triple constraints – time, cost and scope.

In order to get PMP certified, credential seekers must demonstrate and prove they have the skills and knowledge required to be successful in the field of project management. Supporting documentation must include proof of education, projects worked on and hours spent in each of the five phases of project management.

CRISC - Certified in Risk and Information Systems Control

ISACA’s CRISC is awarded to IT professionals experienced in business and technology risk management, as well as the design, implementation, monitoring and maintenance of Information Systems Control.

As a CRISC certified professional, you’ll manage risk design and oversee response measures, monitor systems for risk, and ensure your organisation's risk management strategies are met.

Job roles for CRISC credential holders include:
  • IT Security Analyst
  • Security Engineer Architect
  • Information Assurance Program Manager
  • Senior IT Auditor

The CRISC exam covers the following domains:
  • Risk Assessment
  • Identification and Evaluation
  • Information Systems Control Monitoring and Maintenance
  • Risk Response
  • Information Systems Control Design and Implementation
  • Risk Monitoring

Since its inception in 2010, over 17,000 pros have obtained the CRISC certification.

CISM – Certified Information Security Manager

CISM, also developed by ISACA, is a top credential for IT security professionals specialising in managing, developing and overseeing information security systems or for developing best organisational security practices.

The credential targets the needs of IT security professionals with enterprise level security management responsibilities. CISM certified professionals possess advanced and proven skills in:
  • Security Risk Management
  • Program Development and Management
  • Governance and Incident Management
  • Responding to Incidents

CISM credential holders must agree to the CISM Code of Professional Ethics, pass the examination, possess at least five years of security experience and submit a written application to qualify.

CHFI – Certified Hacking Forensic Investigator

EC-Council’s CHFI certification focuses on forensics tools, analytical techniques, and procedures involved in obtaining, maintaining, and presenting computer forensic evidence and data in a court of law.

The CHFI course covers the following topics:
  • Cyber-Crime Overview
  • Search and Seizure of Computers
  • Working with Digital Evidence
  • Incident Handling and First Responder Procedures
  • Gathering Volatile and Non-Volatile Data from a Windows Computer
  • Recovering Deleted Files and Partitions from Windows, Macintosh, and Linux Systems
  • Password Cracking
  • Log Capturing Tools and Techniques
  • Investigating Network Traffic, Wireless Attacks, Web Attacks, and E-mail Crimes

As a CHFI, you’ll be able to protect your organisation by responding promptly to any and all attacks.  


Monday, 6 January 2014

Tech Resolutions for 2014 by ISACA




The New Year is here and we must be prepared for everything it may bring. According to global non-profit IT association ISACA, IT and cyber-security professionals will have to switch gears if they want to successfully deal with the challenges of 2014, especially in cyber-security, data privacy and big data.

“The pace of change expected in 2014 will put incredible pressure on technology professionals in the workplace with a focus on keeping IT risk in check while at the same time delivering value to the business. But this is also a chance for the IT department to be a strategic partner with the business on navigating these issues and opportunities,” said Bhavesh Bhagat, CISM, CGEIT, CEO of EnCrisp, co-founder of Confident Governance and member of ISACA’s new Emerging Business and Technology Committee.

ISACA’s Top 5 Tech Resolutions for 2014
  • Prepare for Privacy 2.0 - Attitudes toward data privacy are unlikely to reach a consensus in 2014. Instead, be prepared to accommodate both those with little expectation of privacy and those who view their personal data as currency and want to control how that currency is spent.
  • Slim down big data - Explosive data volumes were the #1 issue posed by big data in ISACA’s 2013 IT Risk/Reward Barometer. Unmanageable data creates redundancies and is difficult to keep safe. In 2014, eliminate the excess and consolidate what remains, to promote sharing and protect using better controls.
  • Plan to compete for cyber-security and data analytics experts - Demand for smart analytics people and cyber-security defenders with the right certifications is only going to increase in 2014, the year of the data professional. If you plan to recruit, make sure your salary package and job descriptions are competitive.
  • Rethink how your organisation is using your information security experts - With some elements of IT security operational responsibility (including malware detection, event analysis and control operation) increasingly being outsourced to cloud providers, smart leaders are enabling their internal security experts to become hunters instead of just defenders. This allows them to proactively deal with the most hard-to-detect threats, build internal intelligence capabilities, construct better metrics and invest in operational risk analysis.
  • Ramp up for the Internet of even more Things - With 50 billion devices expected to be connected to the Internet by 2020, start working now on a policy for governing connected devices—many invisible to the end user—if your enterprise doesn’t have one already.

Learn more about information security management, risk management or governance of IT on our ISACA courses.


Thursday, 6 June 2013

Last minute tips for passing your ISACA CISA or CISM exam




Updated on 16/07/2015
ISACA's CISA and CISM are must-have certifications for any IT security professional working with information security systems. 

These high prestige certifications are difficult to attain, but if you follow these tips, you'll be better prepared to achieve them:

  • Read through the ISACA Exam Candidate Information Guide 2015, which you can find here.
  • By now you've probably read or re-read ISACA’s CISA or CISM review manual which provides you with the content, structure and other topics of the exam. Highlight key areas and devote extra attention and time to them. Don't leave anything to chance.
  • Join the discussions in ISACA’s Study Communities – click here for the CISA group and here for the CISM group. 
  • In case you haven’t got the CISA/CISM Practice Questions Database v15 resource, ISACA also offers free CISA and CISM Self-Assessment tests which will help identify gaps in your knowledge that are in need of further study. Here are the links - CISM Self-Assessment and CISA Self-Assessment.
  • Stay old school. Take notes and read things out loud. Both will help you memorise concepts more easily.
  • Once you're confident, and can explain most if not all the basic concepts of CISA or CISM, then read review questions, answers and explanations.
  • This is not a university or high school exam. Think like an IT Auditor and not like a student. You have to manage tasks the best way by making the best decisions.
  • Many students find that the hardest part is visualising the concepts, which you’ll need to do in the exam. So try to prepare some of your own beforehand.
  • As you’re probably aware, you can’t take the CISA or CISM review manuals into the exam, so try to skim through the key areas 30 min before the exam.

One thing to note is that the markers don’t want to know if you are the strongest in IT related systems; they just want to be sure you’re competent enough and can make the best decisions, evaluate and review IT security and audit related issues.

Here are some more general revision tips to ensure your exam success:
  • Frequent breaks are essential. Don’t expect your brain to focus for hours if you don’t give it some rest. Take a 5-10 minute break for every hour spent studying.
  • Drink plenty of water as it helps you to think and most importantly it hydrates you.
  • Avoid caffeine. Coffee, Coke or Red Bull, they will only make you feel more anxious, so cut them out of your “exam diet”.
  • Before the test, do some exercise. It gets your blood flowing and relaxes you. It also increases your alertness.

And one last thing: try to relax! Visualise your goal: your name on this certification (or your slightly different CISM certification).


Do you need more information/inspiration? Check out these great CISM & CISA resources:
Or watch these two videos of CISA and CISM certified professionals.


Good luck.

