Five Quick Tips for Taking ISACA Certification Exams

Information Security
Author: ISACA Now
Date Published: 3 November 2022

Updated: 17 April 2023

With more than 300,000 ISACA certifications issued to date, a wealth of knowledge has been accumulated by certification-holders over the years.

If you are considering pursuing an ISACA certification, here is a chance to benefit from some of that collective wisdom. Below are five tips from successful certification candidates that helped them earn that passing mark:

Answer the questions you are sure of first

The prospect of a timed exam with dozens of questions can feel overwhelming. One way to help ensure a great start to your exam is to initially focus on the questions that inspire the most confidence.

“I answered all the questions I was sure of and left the other ones for later,” wrote Angelina Kahn-Dubois, the top CISA exam scorer in 2021. “Then I answered the remaining ones by eliminating the answers one by one and trusting my instinct when I couldn’t choose between two answers.”

Don’t overthink it

It is easy to go down a rabbit hole of teasing out questions from numerous angles and, in the process, to second-guess yourself. That sort of paralysis by (over)analysis tends to be counterproductive.

“Do not overthink the questions or spend too long on one,” says Eric Davidson, a cloud and cybersecurity advisor who has the CISM, CISA, CGEIT, CRISC and CDPSE certifications from ISACA, among a wide range of industry credentials. “Most ISACA questions are straightforward and spending three minutes to get one question right is a Pyrrhic victory if you might be cutting it close on time.”

Train with an Accredited Training Organization (ATO)


Accredited training for IT professionals is increasingly in demand. Exam-takers who choose to prepare with an ATO are choosing high-quality training and coursework that have been rigorously reviewed by outside assessors and conform to international standard ISO/IEC 17011.

ISACA partners with ANSI (The American National Standards Institute) to provide third-party accreditation for certifications to ensure the highest levels of quality, consistency and integrity are met globally. This confirms the competence of the instruction, the integrity of the intellectual property and reputation of your organization.

Only accredited partners can provide accredited training materials directly from ISACA. Learn more about the benefits of ATOs, including the top five exclusive benefits available to ISACA ATOs, and about how you can grow your business as an ISACA accredited partner, joining dozens of ATOs around the world.

Principle of verticality

Who is responsible for decision-making and how does that factor into the organization’s governance approach? That context should not be overlooked in ISACA certification exams, says Nathan Stout, who holds the CISM and CRISC certifications.

Stout said that while ISACA exams reflect best practices, many organizations are operating at a lower level of maturity. He said it’s helpful for exam-takers to be aware of that potential disconnect, as the correct answer might not be what practitioners have experienced in various work settings.

“Think vertically,” Stout says. “ISACA exams place a lot of emphasis on organizational structures and governance, i.e., accountability and responsibility for risk decisions. In the ideal model, these decisions are almost never made at the practitioner level. Understanding that context is vital.”

Know your audience

Understanding the nuance of dealing with executive leadership and how to communicate effectively using language that resonates with the business can be beneficial on ISACA certification exams.

“To succeed in the CISM exam, reprogram your mind for success,” writes George McPherson. “Think like a manager. As a CISM, you don’t fix problems – you are a risk advisor who understands that security should support the business, not hinder it. The business always comes first, as this is how companies stay in existence, and if there is such a thing as a tiebreaker, a risk assessment and final approval should be presented to senior management. Become bilingual, as your language should change when you talk to technical personnel and shift with ease when talking to executive leaders. In short, know your audience.”

Editor’s note: For more tips and guidance from ISACA certification exam-takers, download Earning Your ISACA Certification: Proven Tips from Exam Takers.