Community Champion

CISSP-ISSMP Certified 13 Jan

Just received an email from ISC2 Member Support about the acceptance of the endorsement and the award of the ISSMP Concentration Designation on 13 Jan 2020.


Just sharing the timeline a bit, in case any of you are in the queue/middle of endorsement review.

I took the exam on 25th Nov 2019.

Submitted the endorsement on 27th Nov 2019, got the result today.

So it's still within the end of week 6 timeline to get the result of review and mark an end for this "waiting" process (for now until the next certification).


Patience is a virtue and this is worth waiting for.


@Kaity Thanks for your prompt reply on my certification enquiry.



11 Replies
Community Champion

@csjohnng Hearty Congratulations.


What was your study regime for others to think about doing the same?





Community Champion



Basically I took CISM and ISSMP at the same time last year, one day apart from each other, ISSMP first and followed by CISM the next day. There are a lot of overlapping areas/domains between these 2 exams.


I took the last couple of days before the exams and performed very intensive exercise over the Official CISM QAE from ISACA, going through 800-900 QAE (I did not complete all of them, all is about 1,000+) and also studied the Official (ISC)² Guide to the ISSMP CBK, Second Edition, focusing on Domain 4 and Domain 5, which are not fully covered in the CISM domains or are unique to ISSMP.


The key point is not to remember the question and answer, but as a mental exercise to think if you were in that situation, why you should take this approach but not the other choice and understanding what's wrong (or not the best) with the other choices.


Everyone has their unique knowledge and experience, but what works for me may not work for others.


Overall, I think ISSMP is not difficult (to me), compared with the other exams that I had (CISSP, CCSP or ISSAP), where I spent much time preparing.

Advocate II

The ISSMP overlaps the CISSP, but simply goes into more depth and expects that you've read the references at the end of each CBK. Strangely, I found it more of a practitioner's exam, as you'll find you've read a lot of those references during your general IT and InfoSec work over the years.



Community Champion


Yes, I do agree there are overlaps with CISSP. As the title describes, it's a concentration within CISSP and is expected to go more in depth, focusing on the security management perspective (where ISSAP focuses more on infrastructure, application, design, SDLC and cloud related).


Rather than going chapter by chapter and reference by reference, I went through the official sample test (e.g. CISM) and got around 70% correct without reading any study guide or reference, therefore my approach for ISSMP was focusing on the areas which I am not certain of and refreshing (or clearing out) those.


Honestly, work experience in general IT, InfoSec and managerial experience over the last decade definitely helped me.

Community Champion

I'm interested in hearing about your "intensive exercise" with the CISM QAE. I've been treating the book like a huge exam, and marking my failures / progress along the way. The book doesn't really lend itself to study, but I'm doing the best I can with it.


Edit: P.S. to say congratulations on ISSMP!

A claim is as good as its veracity.
Community Champion


I will agree the book itself does not lend itself to study.

I think it depends on how you use the material/book. Let me share a bit about how I am using the QAE in general. (Basically this is how I use practice questions in all exam preparation, not just applicable to the QAE, but the QAE gives a more detailed explanation instead of just right or wrong.)


I was using the physical book version of the QAE, so not the online database.

Honestly, getting the right answer is not important in this process (I got roughly 80% correct, but the % does not really matter, because you don't expect the same question to appear on the exam; even though it may, then it's a bonus provided that you have done it and remember).


I spend 1-2 minutes answering each question (in each domain), and regardless of right or wrong, I spend another 1-2 (or maybe even 4-5) minutes understanding the choices (by looking at the explanation given) and will also ask myself:


  • what makes choice A correct (best choice) and the others incorrect, what do B, C, D really mean (mainly the explanation part, and see whether you agree with the explanation or not)
  • or in order to make choice "D" the best answer, how should the question be changed/asked?
  • or change the question, e.g. if the FIRST step is changed to the LAST step, what is the answer; if it's a sequence of steps, what is the exact sequence, from MOST effective to LEAST effective... and then think of the suitable answer

By doing this process, it will cover a much wider range of topics and knowledge, which will be helpful from an exam preparation perspective (or at least building your own self confidence / or destroying your own self confidence, either way).


If I have really missed some topic or term (you know when you are answering the question), I go back to study the specific section of the related domain to dig in more, or google a bit to gain more knowledge.


The last mock test is really up to you.


Hope this helps.

Viewer II

I took the test twice and haven't passed. I didn't think the test was hard at all. It was very practical questions. I need to get more professional experience, I would assume. If anyone has any resources that you used, it would be beneficial.

Community Champion



Glad to see you're persevering with obtaining the ISSMP (I assume you're talking about the ISSMP and not the CISM).


Have you checked the suggested references list for resources?


You should have been given your proficiency level for each domain when you previously took the exam, so I recommend obtaining some references from that list that will help you plug any knowledge gaps.


Many of the references can be downloaded for free from the Internet (and not just the NIST ones), or failing that can be purchased in used condition at little cost from online bookstores.


Good luck!


Newcomer I


Regarding the timeline, it seems to be on the same trend, as my application has currently been ongoing for 4 weeks.