Who should take this CISM training?

This course is for experienced IT professionals who manage or oversee security programs, risk, or incident response. If you're already in a mid- to senior-level cybersecurity or governance role – or moving into one – this training updates your skills for emerging threats like AI-driven attacks and positions you for the CISM exam.

How much does the CISM cost?

The CISM exam costs $575 USD for ISACA members and $760 for non-members. An ISACA membership costs around $145 a year, so it might be worth becoming a member if you’re paying for the exam anyway. It’s a pricey process, but it's well worth it if you’re pursuing leadership roles in security, compliance, or risk governance.

Does earning the CISM pay well?

Yes – CISM consistently ranks among the highest-paying certs in IT. According to industry surveys, professionals with CISM earn well into six figures, especially in roles like security manager, IT risk lead, or GRC director. It’s a major salary booster for those managing security at the organizational level.

Is it hard to learn the technical and managerial skills of the CISM?

It’s challenging but doable with experience. The hardest part is the shift from technical tasks to management thinking – budgeting, governance frameworks, and risk ownership. If you’re used to hands-on tools, this course helps you think like a leader in control, compliance, and crisis readiness.

What jobs do I qualify for with the CISM?

With CISM, you're qualified for roles like Information Security Manager, Cybersecurity Program Lead, GRC Manager, or IT Risk Director. Employers recognize CISM as the benchmark for leadership in security policy, incident response planning, and program oversight.

ISACA Certified Information Security Manager (CISM) Online Training

This CISM training prepares IT professionals to manage enterprise-level security governance, risk, and incident response. This online, self-paced course aligns with ISACA's latest Certified Information Security Manager exam and is ideal for roles like Information Security Manager, GRC Lead, or Risk Officer. You'll build leadership skills in threat modeling, risk treatment, and post-incident review, making it perfect for both CISM certification prep and recertification.

Bob SalmansCybersecurity & Governance, Risk, and Compliance (GRC)

Updated June 2025

Request a Demo

14Skills

99Videos

1Practice Exam

14h 4mTotal

99 videos1 exam14h 4m

Who This Course Is For

This course is for mid- to senior-level IT professionals in security, risk, and governance roles. If you lead security programs, manage audits or incident response, or are preparing for the CISM exam, this course updates your skills to meet today’s regulatory and threat environment head-on.

Skills Your Team Will Gain

Design and align security strategy with business objectives
Conduct vulnerability and control gap analysis
Develop and evaluate business continuity plans
Manage third-party and supply chain security risks
Monitor incidents with tools like SIEMs and response playbooks
Communicate risk posture and incident response to stakeholders

Course Curriculum

Premium skill.Creating An Information Security Program1h 1m
Premium skill.IS Program Resources1h 5m
Premium skill.Creating A Successful IS Program1h 7m
Premium skill.Organizational Roles and Using Metrics50m
Premium skill.Introduction To Risk Management1h 17m
Premium skill.Risk Management Frameworks and Processes57m
Premium skill.Managing Assets and Threats1h 11m
Premium skill.Information Security Risk Management1h 13m
Premium skill.Creating An Information Security Program58m
Premium skill.Information Security Operations60m
Premium skill.Managing An Information Security Program58m
Premium skill.Implementing and Managing Security Controls49m
Premium skill.The Incident Response Process48m
Premium skill.BC/DR Planning and Standards49m

Part of the Security & Compliance training initiative

Platform Features

Certification

CISM – Certified Information Security Manager

The Certified Information Security Manager (CISM) certification validates an individual's expertise in information security management, risk management, and incident response, and is ideal for IT professionals who want to demonstrate their expertise ...

Exam CISMLevel ProfessionalDifficulty AdvancedCost $575 for members $760 for non-members

Information Security GovernanceRisk ManagementInformation Security Program Development and ManagementInformation Security Incident Management

Official certification page

For IT leaders

What IT leaders need to know before assigning this course

Security teams often have strong technical skills but inconsistent approaches to governance, risk, controls, incident response, and BC/DR planning. IT Directors can assign this CISM-aligned course to standardize how experienced security practitioners think about building and managing an information security program.

The course is best suited for security managers, Team Leads, risk-focused IT Practitioners, and senior staff preparing for the ISACA CISM certification. The ordered curriculum represents about 14 hours of instruction per learner, making it a realistic multi-week assignment alongside operational work. For change management, Training Managers can sequence modules around program governance first, then risk management, security operations, controls, incident response, and continuity planning.

CBT Nuggets Playlists can help structure the rollout by role, Practice Exams can support certification readiness, and Team Reporting gives IT leaders visibility into completion progress across the team.

Team Impact

How this training helps your team succeed

IT teams complete this training to connect security management practices with day-to-day operational decisions. The course topics map to real program work: creating an IS program, allocating resources, using metrics, managing assets and threats, implementing controls, responding to incidents, and planning for business continuity and disaster recovery.

Improve governance consistency by aligning security program creation, roles, resources, and metrics.
Reduce operational risk by giving teams a shared process for risk management frameworks, asset management, threat analysis, and security controls.
Strengthen incident readiness by reviewing the incident response process before a real outage or breach scenario occurs.
Support audit and resilience goals with structured coverage of information security operations, BC/DR planning, and standards.

After completion

Knowledge & ability your team will gain

Knowledge

How information security programs are created, resourced, and managed.
How organizational roles and security metrics support program oversight.
Core risk management concepts, frameworks, and processes.
How assets, threats, controls, and operations fit into security program management.
How incident response and BC/DR planning contribute to organizational resilience.

Ability

Evaluate whether an IS program has the roles, resources, and metrics needed for effective management.
Apply risk management thinking to assets, threats, controls, and security operations.
Support implementation and management of security controls within a broader program.
Participate more effectively in incident response planning and execution.
Contribute to continuity and disaster recovery planning discussions with a CISM-aligned management perspective.