You may want to consider the CISA instead of the CISM. The CISA is
more well known and considered a stronger certification. Not much is
known about the CISM test yet since it is just being administered.
The advice below is specifically for the CISA, but it should provide
a reasonable basis for the CISM advice you asked for as well.
CISSP/ CISA Delta: About 85% of the CISA material is covered in the
CISSP. IF you are already a CISSP but not a CISA you will need to
know the following:
1): Sampling techniques and terms (random, stratified, sample
size, etc.)
2): CoBIT (download it and read it)
3): Audit "protocol" (who reports to whom, when and in what
manner)
Good CISA Books: The best one is the ISACA study guide ("official")
but it costs about $165. There is also an "Ultimate CISA Study Guide
(www.PacificIS.com) about $35. Also www.cccure.org has a great set
of questions (600) - free.
Value of CERT. Depends on what you do. If you consult - this is a
very worthwhile Cert. If you are in the auditing field it is
practically required to move up. I conduct a "monster test" (search
for IS jobs on monster with and without the Cert.) the CISA actually
has been doing better than the CISSP in the monster test since
SarBox gave auditors full employment.
Regards,
Doug Landoll, CISSP, CISA
President, Veridyn Inc.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
