Governing Operational Resilience in Modern Digital Enterprises

Designing an Adaptive Governance Overlay that Orchestrates Resilient, Assured, and Accountable Digital Outcomes

From Visibility to Viability

The Dual Pillars of Cyber Resilience Governance

As enterprises accelerated their adoption of complex, cloud-native architectures, they encountered a new order of complexity. Infrastructure dissolved into services, workloads became ephemeral, and security boundaries blurred. Wiz emerged as a transformational force in cloud technical security, offering radical visibility and risk prioritization across multi-cloud ecosystems.

At the same time, a broader and more consequential challenge emerged, one that extends well beyond isolated technical misconfigurations or discrete vulnerabilities.

Modern organizations function as dynamic, highly interconnected digital ecosystems shaped by siloed frameworks, technologies, applications, processes, data flows, and human actors, all operating in continuous interaction.

Within this complexity, risks and outcomes do not reside within individual components alone; they emerge at the boundaries where systems, processes, and dependencies interact.

This is the domain in which the Digital Value Management System® (DVMS) operates.

The DVMS Institute is redefining how enterprises govern, assure, and account for resilience as an integrated dimension of digital business performance.

Governing Resilient, Assured, and Accountable Digital Outcomes

Digital Value Management System® (DVMS)

The DVMS is an adaptive governance overlay system that orchestrates resilient, assured, and accountable digital outcomes.

Instead of replacing existing operational frameworks and systems, the DVMS elevates them, connecting and contextualizing their data into actionable intelligence that enables organizations to:

– Maintain Operational Stability Amidst Constant Digital Disruption

– Deliver Digital Value and Trust Across Complex Digital Ecosystems

– Satisfy Critical Regulatory and Certification Requirements

At its core, the DVMS is a simple but powerful integration of governance intent, operational capabilities, assured evidence, and continuous learning, powered by the following models:

Create, Protect, and Deliver (CPD) – This systems-based model within the DVMS links strategy to risk and governance to execution, thereby setting up the creation, protection, and delivery of digital value as an integrated, continuously adaptive organizational capability.

Minimum Viable Capabilities (MVC) – This model supports the seven essential, system-level organizational capabilities of Govern, Assure, Plan, Design, Change, Execute, and Innovate to reliably create, protect, and deliver digital value at organizational boundaries, aligned with strategy-risk intent.

3D Knowledge (3DK) – This model supports a systems-thinking approach to cross-team knowledge and collaboration, aligned with strategic intent, to ensure organizational behavior, learning, and execution remain integrated and adaptive in creating, protecting, and delivering digital value.

Question Outcome / Question Metric (QO/QM) – The QO/QM approach supports governance as testable intent by defining a clear Question Outcome (QO), with one or more Question Metrics (QM) that provide observable, decision-relevant evidence that the system can actually deliver the intended outcomes in the organizational living digital system

These models work together to drive the DVMS-GRAA engine listed below.

Governance, Resilience, Assurance, and Accountability (GRAA)

The DVMS GRAA Engine

The DVMS-GRAA adaptive governance engine orchestrates resilient, assured, and accountable digital outcomes through three distinctive organizational capabilities.

A Governance Overlay that replaces fragmentation with unity. The DVMS provides organizations with a structured way to connect strategy with day-to-day execution. Leaders gain a consistent mechanism to direct, measure, and validate performance across every system responsible for digital value.

A Behavioral Engine that drives high-trust, high-velocity decision-making. The DVMS embeds decision models and behavioral patterns that help teams think clearly and act confidently, even in uncertain situations. It is engineered to reduce friction, prevent blame-based cultures, and strengthen organizational reliability.

A Learning System that makes culture measurable, adaptable, and scalable. Culture becomes a managed asset rather than an abstract concept. DVMS provides a repeatable way to observe behavior, collect evidence, learn from outcomes, and evolve faster than threats, disruptions, or market shifts.

Leveraging Cyber Resilience as a Competitive Advantage

DVMS Benefits

For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes, turning governance and resilience into enablers of growth and innovation rather than cost centers.

For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient, supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.

For the CIO, CRO, CISO, and Auditors, the DVMS provides a unified approach to organizational digital value management, operational resilience, and regulatory compliance.

APMG International Accredited and NCSC/GCHQ Certified

DVMS Training Programs

The DVMS Institute’s accredited and certified training programs equip enterprises with the skills to build an adaptive governance overlay that orchestrates resilient, assured, and accountable digital outcomes.

Through structured learning, applied certification, and authoritative publications, the Institute teaches a disciplined, outcome-driven approach to managing resilience as an integrated dimension of digital business performance.

DVMS Cyber Resilience Awareness Training

The DVMS Cyber Resilience Awareness non-certification course and its accompanying body of knowledge publication educate all employees on the fundamentals of digital business, its associated risks, the NIST Cybersecurity Framework, and their role within a shared model of governance, resilience, assurance, and accountability for resilience in complex digital ecosystems.

DVMS NISTCSF Cyber Resilience Foundation Certification Training

The DVMS NISTCSF Cyber Resilience Foundation certification training course and its accompanying body of knowledge publications provide ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role in a shared model of governance, resilience, assurance, and accountability for achieving resilience in complex digital ecosystems.

DVMS Cyber Resilience Practitioner Certification Training

The DVMS Practitioner certification training course and its accompanying body of knowledge publications teach ITSM, GRC, Cybersecurity, and Business practitioners how to build a unified governance, resilience, assurance, and accountability system designed to operationalize resilience in complex digital ecosystems.

Scaling a DVMS Program One Service at a Time

Launching a DVMS Program

The DVMS FastTrack is a phased, iterative approach that helps organizations mature a DVMS program over time, rather than trying to do everything simultaneously. This approach breaks the DVMS journey into manageable phases of success.

It all starts with selecting the first digital service you want to operationalize with the new DVMS capabilities. That service will then serve as the blueprint for operationalizing DVMS across the remaining services.

Governing Resilient, Assured, and Accountable Energy Sector Outcomes

Dr. Joseph Baugh shares his DVMS NIST Cybersecurity Framework Success Story

Guidehouse Security, Dr. Joseph Baugh shares his story on how his DVMS certification training enabled him to help a large energy company become compliant with TSA’s Directive for Pipeline Security

From Compliance rituals to Evidence-Based Resilience

Assurance Mandate Papers

The whitepapers below present a clear progression from compliance-driven thinking to a modern system of Governance, Resilience, Assurance, and Accountability (GRAA). Together, they define an evidence-based approach to building and governing resilient digital enterprises.

The Assurance Mandate Paper explains why traditional compliance artifacts offer reassurance, not proof, and challenges boards to demand evidence that value can be created, protected, and delivered under stress.

The Assurance in Action Paper shows how DVMS turns intent into execution by translating outcomes into Minimum Viable Capabilities, aligning frameworks through the Create–Protect–Deliver model, and producing measurable assurance evidence of real performance.

The Governing by Assurance Paper extends this model to policy and regulation, positioning DVMS as a learning overlay that links governance intent, operational capability, and auditable evidence—enabling outcome-based governance and proof of resilience through measurable performance data.

Aligning organizational strategy, governance, operations, and culture

Building a digital Value Management system®

DVMS Institute Chief Content Architect David Moskowitz, shares his insights on how the DVMS seamlessly aligns organizational strategy, governance, operations, and culture into an integrated overlay system that ensures digital value outcomes.

An Adaptive Overlay System that Governs Resilient, Assured, and Accountable Digital outcomes

DVMS and the NIST-CSF

Rick Lemieux, the DVMS Institute’s Chief Product Officer, shares his insights on how the NIST Cybersecurity Framework (NISTCSF) integrates with the DVMS to drive resilient digital business operations across a complex digital supply chain.

They are the Heartbeat of the Institute

Our Graduates share their Training Experience

The NIST Cyber Security Framework certification that I earned this past summer supported the successful completion of a project my employer, Guidehouse Security won to help an energy company become compliant with the recently issued TSA Security Directive for Pipeline Security (2022 July 27, SD02C: Section I.1, p. 2; see also Section II.B, p. 5). This engagement required not only detailed knowledge of the NIST Framework but the application of the NIST 800-53 controls called out in the framework. We will continue to apply the sound principles, and lessons learned that underlie the NIST Cybersecurity Framework certification process.

Dr. Joseph BaughAssociate Director, Risk, Compliance, & Security Energy, Sustainability and Infrastructure Practice

"THERE IS NO BETTER TRAINING AVAILABLE FOR GRC PROFESSIONALS AND IT AUDITORS" Although this program focuses on Cybersecurity Risk Management, it is the direction the entire GRC and IT Audit needs to shift towards. The systems thinking perspective and mental model approach is something that I practice and study extensively and has contributed to my personal success as a scientist, Cybersecurity Governance Advisor, and GRC professional. I'm very happy to see science and Socratic Inquiry in a technical course. Using a question/goals-based approach is not leveraged heavily in our field; therefore observing this being used in this program is both refreshing and eye-opening. I'm rarely moved and influenced by training organizations due to their limited and myopic viewpoints, but I truly believe you all are on the brink of something amazing and gamechanging. If we can create virtual labs and demonstrative scenarios to accompany this program, I'd dare say that you'd be in a league of your own!

Dr. Blake Curtis CGEIT, CRISC, CISM, CISA, CISSP, CDPSE, COBITAmazon

The NIST Cybersecurity Framework Foundation course was worth the effort. I find so much value in pursuing the APGM International NIST Cyber Security Framework Foundation Training. It is a disciplined approach to understanding and applying a sound governance process for Information Security. For an introduction it is really comprehensive.

Belkis HerreraAudit Consultant

“I was well prepared and passed the DVMS Institute NIST Cybersecurity Framework Boot Camp exam on the first try. The courses helped me understand how to leverage the NIST Cybersecurity Framework to help organizations Create, protect and Deliver digital business value. The instructor, Patrick von Schlag did a great job in presenting the materials and connecting it back to real-world examples. Thank you, Lori and Rick, for all help! I will highly recommend the courses to my colleagues across the globe”

Nag H. KosuruCybersecurity Consultant

"From the beginning of the online NIST Cybersecurity Framework Bootcamp course, right through to the processing of my certificate, the itSM Solutions experience was trouble-free. The training was well-organised, the content structure ensured it was easy to follow and due to the added flexibility of being online, I was able to complete the course in my own time. With easy-listening videos, course handouts that provide extra content, and quizzes designed to help solidify knowledge, the Bootcamp was a great learning experience and one that I have, and would recommend to my colleagues!

Emily Raine Major-GoldsmithCybersecurity Consultant

“Sitting the NIST Cybersecurity Framework online courses and taking the exams has allowed us to re-model our business to not only offer better cyber security solutions, but more importantly improve our communication with clients and assist them in implementing a proper cybersecurity framework based on the NIST-CSF.”

JBCybersecurity Consultant

The program quickly identified the role that management plays when it comes to implementing and operationalizing an organizational digital value management program. The Z-X Model helped me understand the basic business functions that need to be in place for organizations to Create, Protect and Deliver digital business value

India StevensonCybersecurity Consultant

Accreditation, Publishing and Reseller Partnerships

Our Strategic Partners

The DVMS Institutes programs have been adopted by governments and businesses across the globe

meet our amazing team

The Faces Behind our Success

100+ Years of Experience

David Nichols

Executive Director, DVMS Institute

Rick Lemieux

Executive Director, Programs

David Moskowitz

Executive Director,
Content Architect

Lori Perrault

Director,
Operations

Patrick Von Schlag

Director,
Global Services

Mike Battistella

Director,
Government Solutions

Building an Adaptive Governance System that facilitates resilient, assured, and accountable digital value outcomes

More information:

About

FAQ

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.