Which ISACA certification should our security and audit team standardize on?

It depends on the role. CISM is the right cert for the security manager / CISO bench — covers program management and governance. CISA is the gold-standard audit credential for internal audit teams and Big 4 consulting. CRISC is the right cert for risk and compliance managers tying governance frameworks to operational controls. Most mid-market security teams hold a mix — CISM for management, CISA for audit, CRISC for risk.

How do ISACA credentials compare to (ISC)² CISSP for security leadership?

CISSP is the broad technical security credential — what a senior security engineer or architect holds to prove technical depth. ISACA credentials are management and governance-coded — what a CISO, security program manager, or auditor holds to prove leadership and audit competency. Many security leaders hold both: CISSP for technical credibility, CISM for management framing.

How do you measure ROI on ISACA training for a team?

For governance and audit teams, start with audit-readiness metrics — time to prepare for the next SOC 2 / ISO 27001 / regulatory review, defensible coverage of governance roles, and the audit-finding rate on internal controls. CBT Nuggets gives managers the reporting surface to track completion and cert coverage; the training itself prepares the team for the credentialing every auditor expects to see.

Does this work for compliance audit prep (SOC 2, ISO 27001, NIST CSF, HIPAA)?

Yes — ISACA credentials are explicitly recognized in every major compliance framework. The CISM, CISA, and CRISC paths cover the governance, audit, and risk content auditors expect on the team signing off on framework controls. Team reporting helps managers document assigned training, completion, and certification coverage for the audit packet auditors want to see.

What's the experience requirement for CISM, CISA, or CRISC?

All three require 5 years of relevant work experience to fully certify (CISM: information security management; CISA: information systems auditing; CRISC: IT risk management). Engineers can take and pass the exam first, then complete the experience requirement within 5 years. CBT Nuggets training prepares teams for the exam regardless of where they sit in the experience timeline.

How does CBT Nuggets handle ISACA CPE requirements for refreshes?

ISACA certifications require ongoing CPE (Continuing Professional Education) credit to maintain. CBT Nuggets training contributes CPE hours per ISACA's partner program. Managers can use assigned training paths to keep team CPE earning on schedule without anyone scrambling at recertification time.

Governance, risk, and audit credentials

ISACA Certification Training & Courses for IT Teams

CISM, CISA, CRISC, and the ISACA Fundamentals tracks — the credentials auditors and regulators specifically recognize on governance, risk, and audit teams. Every path comes with structured training, exam-aligned content, and team admin reporting.

Request a Demo See team pricing

Certifications

Role paths

Levels

Information security governance team reviewing audit documentation and risk register

Audit-recognized credentials

Built for teams that need to prove governance and audit readiness to regulators.

CertificationsISACA5 certs · Entry to Professional

Spotlight

Most popular ISACA certifications

4 certifications

The ISACA certifications IT leaders most often standardize their teams on — the credentials auditors and regulators specifically recognize on the engineer signing off on governance and audit documentation.

CISM – Certified Information Security Manager

ProfessionalLabsPracticeCISM

Information Security GovernanceRisk ManagementInformation Security Program Development and Management

The Certified Information Security Manager (CISM) certification validates an individual's expertise in information security management, risk management, and incident response, and is ideal for IT professionals who want to demonstrate their expertise in managing and overseeing information security programs.

Exam investment: $575 for members $760 for non-members

View training path Compare on matrix

CISA – Certified Information Systems Auditor

ProfessionalLabsPracticeCISA

Information Systems AuditingGovernance and Management of ITInformation Systems Acquisition, Development, and Implementation

The ISACA CISA certification validates an individual's ability to audit, control, and monitor information systems, and is designed for IT professionals with experience in auditing, risk management, and control. It demonstrates expertise in assessing vulnerabilities, reporting on compliance, and ensuring the integrity of information systems.

Exam investment: USD 575 for ISACA members, USD 760 for non-members

View training path Compare on matrix

CRISC – Certified in Risk and Information Systems Control

ProfessionalLabsPracticeCRISC

Risk IdentificationRisk AssessmentRisk Response and Mitigation

The Certified in Risk and Information Systems Control (CRISC) certification validates an IT professional's ability to identify and manage risk, design and implement information system controls, and maintain ongoing monitoring and reporting of IT risk. IT professionals who want to demonstrate their expertise in risk management and information systems control should consider this certification.

Exam investment: $575 for ISACA members, $760 for non-members

View training path Compare on matrix

ISACA Cybersecurity Fundamentals (ITCA)

ProfessionalLabsPracticeITCA

Cybersecurity FundamentalsThreats and VulnerabilitiesRisk Management

The ISACA Cybersecurity Fundamentals certification validates an individual's knowledge of cybersecurity concepts, threats, vulnerabilities, and risk management. It is designed for IT professionals, students, and individuals looking to enter the cybersecurity field.

Exam investment: $120 for members, $150 for non-members

View training path Compare on matrix

Professional Level

1 certification

ISACA Data Science Fundamentals (ITCA)

ProfessionalLabsPracticeITCA

Data Science ConceptsMachine LearningData Visualization

The ISACA Data Science Fundamentals (ITCA) certification validates an individual's knowledge and skills in data science concepts, techniques, and tools, and is ideal for data science professionals, business analysts, and IT professionals who want to gain a deeper understanding of data science and its applications.

Exam investment: $120 for members, $150 for non-members

View training path Compare on matrix

Customer outcome

Audit-recognized credentials your auditor explicitly asks for

Mid-market security leaders measure ISACA training value in compliance terms — defensible governance coverage for SOC 2 / ISO 27001 / NIST audit prep, a credentialed bench auditors and boards explicitly recognize, and a shared governance vocabulary across security, risk, and compliance teams. Those are the outcomes leadership cares about.

See team pricing

Role-based paths

ISACA certifications by IT job role

Match ISACA certs to the actual roles your team holds. Each path bundles the right certs plus the operational depth engineers need day-to-day.

ISACA certs for Security Managers & CISOs

1 certification

CISM (Certified Information Security Manager) is the management-track ISACA credential — covers governance, risk management, incident response, and security program development. The credential boards and auditors specifically recognize on the CISO and security manager bench.

CISM – Certified Information Security Manager

ProfessionalLabsPracticeCISM

Information Security GovernanceRisk ManagementInformation Security Program Development and Management

Exam investment: $575 for members $760 for non-members

View training path Compare on matrix

ISACA certs for IT Auditors

1 certification

CISA (Certified Information Systems Auditor) is the gold-standard audit credential — covers audit process, governance, information systems acquisition, operations, and protection of information assets. The reference credential for internal audit and Big 4 audit teams.

CISA – Certified Information Systems Auditor

ProfessionalLabsPracticeCISA

Information Systems AuditingGovernance and Management of ITInformation Systems Acquisition, Development, and Implementation

Exam investment: USD 575 for ISACA members, USD 760 for non-members

View training path Compare on matrix

ISACA certs for Risk & Compliance Managers

1 certification

CRISC (Certified in Risk and Information Systems Control) covers enterprise IT risk identification, assessment, response, and control monitoring. The cert that ties governance frameworks (COBIT, NIST RMF) to operational IT.

CRISC – Certified in Risk and Information Systems Control

ProfessionalLabsPracticeCRISC

Risk IdentificationRisk AssessmentRisk Response and Mitigation

Exam investment: $575 for ISACA members, $760 for non-members

View training path Compare on matrix

ISACA fundamentals for new hires

2 certifications

ITCA (IT Certified Associate) tracks provide vendor-neutral fundamentals on-ramps for teams growing the governance/security bench. The Cybersecurity Fundamentals and Data Science Fundamentals tracks each cover their respective domain at an entry level.

ISACA Cybersecurity Fundamentals (ITCA)

ProfessionalLabsPracticeITCA

Cybersecurity FundamentalsThreats and VulnerabilitiesRisk Management

Exam investment: $120 for members, $150 for non-members

View training path Compare on matrix

ISACA Data Science Fundamentals (ITCA)

ProfessionalLabsPracticeITCA

Data Science ConceptsMachine LearningData Visualization

Exam investment: $120 for members, $150 for non-members

View training path Compare on matrix

Security governance team reviewing compliance framework documentation

Hands-on ISACA practice

Human-led training is the point: engineers practice real skills with expert guidance, not just video playback.

Why CBT Nuggets

How CBT Nuggets is different for ISACA teams

The platform features IT directors evaluating us against Pluralsight, Udemy Business, and LinkedIn Learning ask about most often.

Practitioner-led ISACA training

Bob Salmans and the CBT Nuggets cybersecurity bench teach ISACA tracks from production governance and risk experience. Your team learns from people who have actually owned the audit relationship — not from the exam-objectives slide deck.

Real-world governance scenarios

Practice running risk assessments, building security programs, and walking through audit documentation in realistic scenarios. The training pairs video instruction with applied case work that mirrors what a CISM or CISA holder does on the job.

Exam-aligned content

ISACA exam objectives covered comprehensively. Engineers rehearse before exam day so leaders aren't paying for retakes or re-prep cycles.

Trainerbot in Slack

Governance and risk questions answered where security leaders already work. Trainerbot uses CBT Nuggets training content in Slack so an audit-prep question becomes a learning moment.

Every certification includes

Expert-led video training

Virtual labs

N2K practice exams

Per-team completion reporting

Practitioner-led