Passed my CISM exam last week. I've actually been preparing for a CISSP but decided on a whim to do the CISM as well because so much content is the same. The exam didn't feel too difficult but it was exhausting and I used most of the allotted time.

Best things I did include:

- Using the free CISM training videos at Cybrary. Really good and contained a lot of very useful info
- Buying the Questions and Explanations from ISACA's website. I found the real exam questions to be very, very similar in style to these official practice ones. No, the questions are not the same but the style of question and the topics covered are the same. And it's very important to get a feel for the style of writing ISACA use.
- Buying a month's subscription to Safaribooksonline and using Sari Greene's videos for CISA - Yes, CISA! But CISA is very similar to CISM but with a load of auditor stuff added. So I basically watched everything but skipped the videos on auditing, which is pretty easy because helpfully, the auditor videos are separated out.

A few words of advice from me:

- Think like a manager who places the business needs first. If you have to choose between getting the best technical fix or ensuring the business meets its goals, go for the latter.
- Do NOT think like a lawyer. Difficult for me as a law type. But the MOST important thing is what's best for the business, and not necessarily what's needed legally. (Still find this a bit odd)
- Make sure you know risk management and BCP/DR very well.
- Lots of crossover with CISSP. It's basically CISSP but minus the technical stuff.
- I did not buy the official book, only questions and explanations.

And remember:

- You can actually test yourself for free because ISACA provide a self-assessment test with 50 questions that are very typical of the exam.
- Also, the ISACA website has a community forum where someone posts a 'Question of the Day' with an answer and explanation. Very helpful for getting used to the 'style'.