Certified Information Security Manager (CISM) Prep

ISACA-authorized CISM exam prep covering the four domains of strategic enterprise information security management. Delivered by an ISACA Accredited Training Organization (ATO) with hands-on governance and incident response practice.

$3,495

Virtual Live

Start April 27th, 2026

Course Overview

In a world where enterprise success is increasingly dependent on information systems, the trust customers, regulators, and boards place in your organization can dissipate in the face of a single data breach. ISACA's Certified Information Security Manager (CISM) is the globally accepted standard for professionals who don't just implement security — they manage it at the strategic level. CISM validates your ability to align the information security program with business goals, govern risk, and lead incident response when it matters most.

This comprehensive exam prep program is delivered by Divergence Academy, an ISACA Accredited Training Organization (ATO), ensuring official curriculum alignment with the 2022 CISM Job Practice. Participants progress through all four domains — Governance, Risk Management, Program Development, and Incident Management — with a focus on the managerial judgment and business-ROI thinking the exam rewards.

Tools, Languages, and Frameworks Used

The program covers the full CISM body of knowledge: enterprise governance frameworks, ISO/IEC 27001, NIST CSF, risk assessment methodologies, information security strategy development, program metrics, incident classification, business impact analysis, and disaster recovery planning. Participants also work through ISACA's official Review Manual and QAE (Questions, Answers & Explanations) Database.

Course Delivery Model

CISM Prep is delivered through a blend of instructor-led lectures by ISACA-certified practitioners, interactive case discussions framed around real-world breaches and governance failures, hands-on risk scenarios, and structured QAE practice sessions. Participants receive access to ISACA's official review materials and a cohort-based study cadence designed to build exam stamina and management-level judgment — not just recall.

Why CISM

Go Anywhere

CISM is recognized worldwide as the preferred credential for security managers. More than 88,000 professionals across 188 countries hold CISM, and it's approved for use under U.S. Department of Defense 8140 cyber workforce roles. Whether you're moving into a CISO track, advising regulated enterprises, or leading security for a government contractor, CISM opens doors in every sector that takes information security seriously.

Enables You

CISM elevates you from team player to leader. It validates your ability to speak the language of the business — translating technical vulnerabilities into board-level risk conversations, aligning security initiatives with enterprise strategy, and communicating ROI to executives who don't read CVEs. It's the credential that proves you can manage, not just operate.

Better Pay

CISM holders earn an average of US$162,300+ annually in North America (per Skillsoft), and CISM is consistently ranked among the highest-paying IT certifications in the Foote Partners IT Skills and Certifications Pay Index. Demand for CISM-certified managers has grown 248% since 2018, and 78% of surveyed organizations expect a continued surge in demand for cybersecurity leadership talent.

Achievement

CISM is ANSI-accredited under ISO/IEC 17024:2012 — one of the few security management certifications to meet that international standard for personnel certification bodies. It was recognized as SC Awards North America "Best Professional Certification Program" and listed by CIO.com among the most valuable certifications. Earning CISM signals to regulators, auditors, and boards that your security strategy is in capable hands.

Program Outline
  • Enterprise Governance Overview
  • Organizational Culture, Structures, Roles and Responsibilities
  • Legal, Regulatory, and Contractual Requirements
  • Information Security Strategy and Frameworks
  • Risk and Threat Landscape Analysis
  • Vulnerability and Control Deficiency Analysis
  • Risk Assessment, Evaluation, and Response
  • Information Security Program Development and Resources
  • IS Program Metrics and Performance Management
  • Integrating Security with IT Operations
  • Incident Management, Classification, and Response Planning
  • Incident Investigation, Containment, and Eradication
  • Business Impact Analysis and Disaster Recovery
  • QAE Practice Sessions and Exam Strategy Labs

Why Divergence

Beyond Content

Our cohort-based model ensures active social learning — not a solo march through recorded videos. Participants work through governance scenarios, debate risk treatment decisions, and build incident response plans alongside peers who bring perspectives from banking, defense, healthcare, and SaaS. You graduate having practiced CISM-level thinking, not just read about it.

Beyond the Classroom

As an ISACA Accredited Training Organization (ATO), Divergence Academy delivers the official CISM Review curriculum with instructors who hold CISM and related ISACA credentials. You receive structured office hours, QAE coaching, exam strategy sessions, and application review support — guidance that extends past the final class into your exam date and beyond.

Beyond Certification

Divergence alumni span veteran technologists, compliance leaders, and enterprise security managers — many working across the Defense Industrial Base, regulated industries, and Fortune 500 security teams. The CISM cohort plugs you into an active community of practitioners who continue sharing governance artifacts, policy templates, and board-reporting examples well after certification.

Beyond One Course

CISM pairs naturally with CISA (audit perspective), CRISC (risk focus), and CDPSE (privacy engineering) for professionals building a full ISACA credential stack. Bundle pricing is available for the tri-cert (CISA + CISM + CRISC) pathway — ideal for GRC leaders building cross-domain authority. Ask about our ISACA tri-cert track.

A cohort-based virtual live program that prepares you to pass the CISM exam and operate as a strategic information security manager. This course goes beyond exam recall into the managerial judgment ISACA tests — how to establish governance frameworks, treat information risk against business appetite, build a program that delivers ROI, and lead incident response when the board is watching. Includes ISACA official review materials, QAE database access, and the full four-domain curriculum mapped to the 2022 CISM Job Practice.

$3,495, Instructor-led, Virtual Live
$19 per Month (USD)
Join the Awesome Academy and get access to all courses.

Frequently Asked Questions (FAQs)

To sit for the CISM exam, ISACA requires no prerequisites — anyone may take the exam. However, to earn the CISM certification, you must document five (5) years of information security work experience, with a minimum of three (3) years in an information security management role across three or more of the four CISM domains, within the 10 years preceding application or within 5 years after passing the exam.

Experience waivers (up to 2 years) are available for:

  • A CISA or CISSP in good standing
  • A post-graduate degree in information security or related field (1 year)
  • One year of information systems management experience
  • Skills-based security certifications (CompTIA Security+, GSEC, etc. — 1 year)
  • Two years as a full-time university instructor in a related field

For this course, Divergence recommends (not requires):

  1. At least 3 years of IS/IT security experience
  2. Familiarity with one or more security frameworks (ISO 27001, NIST CSF, COBIT)
  3. Basic understanding of risk management concepts

Divergence Academy is an ISACA Accredited Training Organization (ATO) — you register directly with Divergence for the course, and separately with ISACA for the exam. Exam registration fees are paid to ISACA.

CISSP (ISC²) validates broad, technical security practitioner skills across eight domains — it's designed for hands-on security engineers and architects. CISM is uniquely management-focused, validating your ability to govern, strategize, and align security with business goals. Many professionals hold both; CISSP proves you can do security, CISM proves you can lead it.

A CISM-certified professional designs and governs the information security program, manages enterprise information risk against the organization's risk appetite, reports security performance to executives and the board, and leads detection, response, and recovery when incidents occur. Typical titles include CISO, CSO, Security Director, IT Risk Manager, Compliance Manager, and Information Security Consultant.

The exam covers 150 questions across four job practice domains (2022 Job Practice):

  1. Information Security Governance — aligning security strategy with organizational goals
  2. Information Security Risk Management — identifying, assessing, and treating information risk
  3. Information Security Program — building and managing a program that delivers business value
  4. Incident Management — detection, response, recovery, and business continuity

Virtual Live instructor-led, cohort-based. Sessions are delivered synchronously via Zoom with recordings available for review. Includes ISACA official CISM Review Manual access, QAE database subscription, live domain deep-dives, and exam strategy sessions. Delivered by Divergence Academy as an ISACA Accredited Training Organization.

Course tuition: $3,495 — all-inclusive, paid to Divergence Academy. Includes:

  • ISACA official materials: one CISM exam attempt, CISM Review Manual, QAE (Questions, Answers & Explanations) database subscription, and ISACA Self-Study Online Review Course
  • ISACA Membership (one year) — unlocks the ISACA member network, free CPE opportunities, and discounted rates on any future exam retakes
  • Divergence Academy value-add: Access to our proprietary ISACA Governance Simulations platform — Socratic AI-driven 12-turn interview simulations that test governance judgment across all four CISM domains, with 4-dimension scoring (priority, lens, evidence, boundary) and Mirror Moment blind-spot analysis. Not available anywhere else.

To maintain CISM, you must earn and report a minimum of 120 CPE hours every three-year reporting cycle, with at least 20 CPEs annually. The CISM Review course itself earns up to 14 CPEs (VILT) or 20 CPEs (online review). CISM awards up to one hour of CPE for every one hour of instructor-led training.

You can still take and pass the exam — your CISM certification simply remains pending until you document the required experience (within 5 years of passing). Many candidates use this window to take on information security management responsibilities, knowing the exam is already behind them. Divergence instructors can advise on experience-waiver documentation and career moves that accelerate eligibility.

AI in the flow of training

Train Smarter with the Simulator Platform

Mock assessments. Real-time feedback. Judgment under pressure — not just content recall.