CISM/CISA/CRISC/CGEIT December 2012 Feedback

[N2IT]

Thanks for the follow up

I'll stick to the MBA for the meantime.

[paul78]

I am curious...

For the folks that took the CISA who expressed that it was challenging, did you take the exam in your native language or English? And do you have infosec experience? I wonder if the CISA was skewed toward US English and infosec topics. I noticed when I took the CISM and CRISC, there were definitely questions which were judgement-based and I had to rely on my infosec experience versus anything in the Review Manual.

[Falasi]

I had few issues before this exam ; had 2 weeks of shifting and 2 other weeks of sickness . entered the exam and I was like "CISM studies should help on CRISC since I had high marks in Risk".

The exam was somehow funny , I'm not sure how I did as I followed common sense ... will know If i'll repeat it by June or do CISA. GL all

[sandiego_f]

I am curious...

For the folks that took the CISA who expressed that it was challenging, did you take the exam in your native language or English? And do you have infosec experience? I wonder if the CISA was skewed toward US English and infosec topics. I noticed when I took the CISM and CRISC, there were definitely questions which were judgement-based and I had to rely on my infosec experience versus anything in the Review Manual.

Hi,
I have more than 7 years of experience in information security. I would say i have a very deep and broad knowlegde in this field. I answered within my first try almost every question of domain 5 correctly. I was very disappointed having the feeling that this part has not been tested as planned with a percentage of 31%. I took the exam in english. At first I worked for 2 years in the UK as an it-auditor and had never any problems with my english. Now I work for a very large company (more than 200.000 employees) since more than three years and participate within a lot of global it-audits covering the whole world. I travel a lot etc. But this is not the topic. I think my experience is more than adequate for passing the CISA without and doubt.

This is why iam very surprised and extremly disappointed. The test did not test me in my knowledge about it auditing. Instead the questions were very vague about anything else than it audit and trying to trick me instead of trying to test the knowledge about it audit. But i dont want to say anything bad. Everything i say is just the feeling i had. A lot of people seemed to share this experience after the test.

[ciphercodes]

I took CISA exam in Raleigh, I was not surprised at questions at all as this is the way ISACA constructs their questions, infact I was expecting this exam to be more difficult. I think I did well on the exam but the results will explain how I REALLY did. I studied the CRM and went through the questions database once.

[DavefromMD]

I took the CISA test on Dec. 8th. I was also surprised about the questions. With IT back ground with lots of development, PM, security and auditing experience, I was hoping it will be more technical. Questions were similar to the V12 DB from ISACA. Not exact words repeated, but similar. The first 5 questions, I thought I had already seen before and that set the tone. I felt good about my performance. What really helped me was looking at the question from ISACA perspective and not from my experience. This I learnt while preparing for PMP. The books I studied and the forums I visited insisted look from PMI perspective. I did exactly same here. I fully agree with Ciphercodes above. I was not surprised about the question format, though I was expecting and wishing it to be more technical than general. Like BMAC, I also answered about 5000 questions and I knew exactly how the same question can be twisted many different ways. I registered for test on 10/3 and got study material a week later. So, I had less than 8 weeks to prepare. CRM and V12 DB are my main source. Well, I will know in 2 months, pass or not.

[victor58]

I took the CISA test on Dec. 8th. I was also surprised about the questions. With IT back ground with lots of development, PM, security and auditing experience, I was hoping it will be more technical. Questions were similar to the V12 DB from ISACA. Not exact words repeated, but similar. The first 5 questions, I thought I had already seen before and that set the tone. I felt good about my performance. What really helped me was looking at the question from ISACA perspective and not from my experience. This I learnt while preparing for PMP. The books I studied and the forums I visited insisted look from PMI perspective. I did exactly same here. I fully agree with Ciphercodes above. I was not surprised about the question format, though I was expecting and wishing it to be more technical than general. Like BMAC, I also answered about 5000 questions and I knew exactly how the same question can be twisted many different ways. I registered for test on 10/3 and got study material a week later. So, I had less than 8 weeks to prepare. CRM and V12 DB are my main source. Well, I will know in 2 months, pass or not.

Dave, 5000 questions? the v12 db had 1100 questions in total. where did you find 5000 questions?

[paul78]

Thanks for all the interesting views on the CISA. It was not one of the ISACA knowledge areas that I was interested in pursuing but all the comments have really peaked me curiosity. I may just give it a whirl.

[bmac]

Dave, 5000 questions? the v12 db had 1100 questions in total. where did you find 5000 questions?

Its the amount of questions answered not the amount of unique questions answered.

[ciphercodes]

I've tempted to officially complain to ISACA. I'm going to hold off and see if it just me that feels like this.
.

ISACA just sent out a survey request on preparation, testing environment and the exam itself.

[bmac]

ISACA just sent out a survey request on preparation, testing environment and the exam itself.

Yes I've completed it and I'll leave it there. I'll just wait until the results. If I fail it will be no surprise and I'll take the next exam with a bit more experience. If I pass then obviously all the hard work paid off. I still haven't lost all hope and I'm fairly confident. It is surprising how the majority on here who have taken the CISA exam this time round have had pretty much the same thoughts on it.

[JayDub211]

Yes I've completed it and I'll leave it there. I'll just wait until the results. If I fail it will be no surprise and I'll take the next exam with a bit more experience. If I pass then obviously all the hard work paid off. I still haven't lost all hope and I'm fairly confident. It is surprising how the majority on here who have taken the CISA exam this time round have had pretty much the same thoughts on it.

Yeah It seems everyone feels a bit shaky. Sometimes, that's just your mind being cautiously optimistic.

I feel like I passed. I hear that about 25 questions are used for research. Lets hope all my wrong answers are in thar 25

I havent taken a standardized test in 6 years, so it was a rude awakening. I did all the preparations I could given schedule etc. Let's see if it works.

Good luck all!

[bmac]

Yeah It seems everyone feels a bit shaky. Sometimes, that's just your mind being cautiously optimistic.

I feel like I passed. I hear that about 25 questions are used for research. Lets hope all my wrong answers are in thar 25

I havent taken a standardized test in 6 years, so it was a rude awakening. I did all the preparations I could given schedule etc. Let's see if it works.

Good luck all!

I've heard a few more than 25 were research questions, more the merrier imo. To be honest if there are as many research questions as that, that's what is probably throwing people off. Some questions seemed to have no place in the exam and when i went through my paper after finishing i'm sure i could point out some of the research questions. Seems strange to have so many though doesn't it?

[JayDub211]

I've heard a few more than 25 were research questions, more the merrier imo. To be honest if there are as many research questions as that, that's what is probably throwing people off. Some questions seemed to have no place in the exam and when i went through my paper after finishing i'm sure i could point out some of the research questions. Seems strange to have so many though doesn't it?

yeah bro. To me, There seemed to be a LOT of Chapter 2 on the test! And some of the questions had answers that weren't even in the book!

To me, that's silly. Why throw off your test takers with a plethora of research questions?!

I think they used this test as an experiment. They know what they are doing, lol. I'm sure all of us feeling "a way" about it isn't coincidence or group think!

Lets just hope that all wrong answers are research and werent counted!

[CISPhD]

The concepts behind experimental questions are to evolve not only the material on the test given new and emerging industry trends, but to evolve the way in which the questions are asked. There's a great deal of science regarding how questions are worded, and the environments and contexts in which examinations are administered. Any organization hoping to keep pace with such a rapidly evolving industry should be performing these types of studies.

On a whole, if you understand what you're supposed to understand to pass the test, you shouldn't miss many of the real questions. Even if you miss the experimental questions, they won't impact your score at all. Do some google searches on test delivery methodology studies. If you have access to academic journals, feel free to look there as well. There's a great deal more to studying for an exam than just studying the CBK... understanding the delivery method, and the associated best method of study, can give you an edge in even the most remote of subjects.

[ciphercodes]

I hear that about 25 questions are used for research.

I hope this is true but I am am not able to find any reference to it. I verified the exam section on the CRM and it does not say anything about experimental questions.

[bmac]

I hope this is true but I am am not able to find any reference to it. I verified the exam section on the CRM and it does not say anything about experimental questions.

Taking the CISA Exam

5 - "The CISA exam contains some questions which are included for research and analysis purposes only. These questions are not separately identified and not used to calculate your final score."

[paul78]

S

ISACA just sent out a survey request on preparation, testing environment and the exam itself.

I just got the email too.

I couldn't help noticing that the email subject had the word "Department" spelled incorrectly. My theory is that the survey is part of the test. I think its to see if you can identify a phishing attempt since badly worded or misspelled emails are considered an indicator of phishing emails. (ducks to avoid the projectiles)

[victor58]

The concepts behind experimental questions are to evolve not only the material on the test given new and emerging industry trends, but to evolve the way in which the questions are asked. There's a great deal of science regarding how questions are worded, and the environments and contexts in which examinations are administered. Any organization hoping to keep pace with such a rapidly evolving industry should be performing these types of studies.

On a whole, if you understand what you're supposed to understand to pass the test, you shouldn't miss many of the real questions. Even if you miss the experimental questions, they won't impact your score at all. Do some google searches on test delivery methodology studies. If you have access to academic journals, feel free to look there as well. There's a great deal more to studying for an exam than just studying the CBK... understanding the delivery method, and the associated best method of study, can give you an edge in even the most remote of subjects.

Do you have links to so called "test delivery methodology studies" research papers, etc? Would be interesting to read.

[CISPhD]

My theory is that the survey is part of the test.

Don't quit your day job bud.

Do you have links...

Check these out for starters:
http://learninglab.psych.purdue.edu/...diger_JEPA.pdf
http://www.accaglobal.com/content/da...ct11_f1-3b.pdf

[paul78]

One thing that I like about how ISACA schedules only twice a year exams is the shared anticipation for the results

4 more weeks to go...

[CISPhD]

Looks like ISACA has doubled the number of times they administer the exams each year. In addition to their standard schedule, they now have exams in Sept 2013 and April 2014.

[minbag]

I agree. I finished the CISA exam and didn't get ONE question that belonged to section 5. Nothing on crypto, IT hardware, nothing. Very weird. I got some ridiculous questions about physical security, which didn't even make sense. I was also convinced that I'd sat for the wrong exam and checked the front of the exam page twice, I thought I was losing my mind.

I'm not doing any more ISACA exams until they get their act together and get their system computerized..... If the CISSP is online, why isn't CISM and CISA?

[CISPhD]

If the CISSP is online, why isn't CISM and CISA?

There is a pretty big expense associated with computerizing an exam. I imagine ISACA isn't computerized yet as it is cost prohibitive... That is unless, of course, you'd rather pay even more for an ISACA exam.

Furthermore, while I haven't sat their CISA exam yet (June 2013), I have sat two of their other exams that were spot on. If you didn't like the CISA, shoot for some of their other exams (Assuming you're qualified). They're not all bad.

[vasyvasy]

Hey, I completely agree with minibag
I cannot speak for other previous CISA exams, but on Dec 8th the questions for Domain #5 just seemed ... non-existent