The CISM update is going to be mostly “We don’t know”, sort of stuff.
We do know that the new exam starts November 3rd 2026.
We have some vague wording on changes:
The exam format will include greater emphasis on information security strategy and program development.
The exam will also add two new content areas: enterprise architecture and information security architecture, reflecting the need to understand the technologies under a security manager’s purview.
But, the new exam outline and official materials are not out until September 1st 2026.
Blog post about the change from ISACA: https://support.isaca.org/s/article/Certification-CISM-Job-Practice-Update-2026
Here we also do in-place updates, so if you already have our CISM course, you get the new updated version for free.
We normally have the new course out 2 months before the change, that is just not possible here.
Since we don’t even see the changes until 2 months before the exam update.
Soooo, we are aiming to have the updated content out around the time of the exam change.