Recently I sat the BCS Certificate in Information Security Management Principles (CISMP) exam and passed with a decent score of 86%. I have a few thoughts on this exam, which I’d like to share.
1. The exam has no decent self-study revision materials.
Well, it has a book. That’s it, no videos, papers or website-based materials to use. The book costs money (Kindle version approx £15) and is approx 250 pages long, which is great if you’re good at text-based study (which I’m not), so it was a struggle. I would have liked some YouTube videos – at least. There are training courses, but they are approximately 4-5 days for a course which should probably be done quickly and cheaply.
2. The material doesn’t follow some general principles in other exams.
Basically the CompTIA Security+ covers some things like security control types as Technical, Operational and Management, whereas CISMP covers them differently, which is a big pain if you’re doing both exams. There is however a lot of cross-over, so it isn’t a lost cause.
3. Lack of technical coverage
I would have thought it could cover protocols or some part of networking similar to the CompTIA Security+ exam, but no. I realise this is an entry exam, but I feel it is really too high level. The exam covers technical controls (physical) but doesn’t really discuss how they are applied.
The best option for studying is to read the book (at least once!) and then pick up training for exams such as the CompTIA Security+ and perhaps (ISC)² SSCP. Between the different courses, you should have enough content to pass the exam. I wholly suggest using the Professor Messer (£0 online), InfiniteSkills (£8 pcm) or CBT Nuggets videos (£65 pcm) to study as they are good quality and will definitely help.
You aren’t expected to have any previous experience with InfoSec, but it would help if you know the basics – Apress Open have some books, such as the InfoSec Handbook.
Whatever you choose, I hope you succeed and let me know how you get on.