Modernizing ITSM – Shifting from Reactive to Resilient Cyber Operations
David Moskowitz – Founder Member and Chief Content Architect, at the DVMS Institute
IT service management (ITSM) wasn’t designed to manage the full scope of digital business risk. Yet many organizations behave as if it does.
Frameworks that support service management, like ITIL, VeriSM, and FitSM, continue to evolve. Governance frameworks such as COBIT also contribute, but with a different emphasis. The guidance is clear, but implementation often stalls, leaving a gap between vision and execution. The Digital Value Management System® (DVMS) helps close that gap.
The DVMS is not a new framework; it’s an overlay. It works with what already exists, adding structure and alignment without disruption. Rather than replacing existing practices, it connects them to broader organizational goals. It helps close the gap between strategic intent and operational delivery.
From Reactive Utility to Resilient Capability
Most IT Service Management (ITSM) programs emphasize uptime, ticket flow, and process compliance metrics. While these aspects are essential, they often fail to provide the value that business leaders recognize or prioritize. For many executives and board members, ITSM is viewed merely as a component of the technical infrastructure, necessary to ensure continuity but not integral to strategic direction. This mindset is precisely what the Digital Value Management System (DVMS) seeks to change by aligning ITSM practices with organizational goals such as resilience, trust, and improved business outcomes.
Business leaders care about growth, customer confidence, resilience under pressure, and measurable outcomes that support enterprise priorities. They want to know that digital services are stable and that relevant risks are understood, visible, and appropriately managed.
Traditional ITSM tools weren’t built for that. They focus on process execution, not managing digital business risk or measuring trust. While ITSM frameworks encourage systems thinking and value co-creation, they still describe themselves as ‘best practice’, a model rooted in past success. That orientation can lag emerging needs. The DVMS overlay becomes essential because it exposes gaps between what frameworks describe and what strategic and operational intent demand.
Why ITSM Frameworks Fall Short
Modern ITSM frameworks offer strong guidance. But translating guidance into daily action remains difficult.
The problem isn’t with the frameworks. It’s the way organizations apply them or fail to.
Silos persist and priorities conflict. Culture often gets overlooked or treated as incidental.
The DVMS addresses these challenges directly. It overlays practical structures on what’s already in use. These include methods for aligning teams, assuring outcomes, and integrating risk into daily decisions. It doesn’t rip and replace. It fills the gaps that frameworks leave behind.
What the DVMS Adds
The DVMS overlay includes five essential components that reshape how organizations think about ITSM, risk, and value.
- Governance, Resilience, and Assurance (GRA)
GRA treats resilience as an organizational capability. It embeds assurance into daily decisions, not just audits. It also reframes governance as delivering value and ensuring it is appropriately protected. Without the right level of protection, value becomes fragile, exposed, or unsustainable. - Strategy-Risk Integration
The DVMS combines strategy and risk into a single decision model: strategy-risk. Every strategic decision must account for risk, and every risk-related issue must be evaluated considering strategic goals. This approach replaces the disconnected “strategy here, risk there” thinking with a cohesive framework that guides tradeoffs, priorities, and protection. The result is alignment, with decisions that reflect both ambition and accountability. - Seven Minimum Viable Capabilities (MVC)
The DVMS formalizes seven capabilities:
- Govern – Ensure decision-making structures are clear and aligned to strategic outcomes.
- Assure – Build confidence that risk is managed and expectations are met.
- Plan – Set direction based on priorities and risk appetite.
- Design – Structure services and systems to create and protect value.
- Change – Adapt intentionally and minimize disruption.
- Execute – Deliver with consistency and transparency.
- Innovate – Balance small improvements with strategic breakthroughs.
- 3D Knowledge Model
The DVMS 3D Knowledge Model addresses two inseparable perspectives that together enable organizations to break down silos, align strategy with execution, and foster a culture of collaboration and resilience.
Perspective 1: Teams, Alignment, and Execution focuses on how teams work, independently and together, to deliver value while staying aligned with strategic goals.
Perspective 2: System Behavior, Structure, and Culture
focuses on how the organization functions as a system, shaping and reflecting its culture.
- QO–QM (Question Outcome, Question Metric)
This method links questions to outcomes. Teams ask whether results are fit for purpose and use, then verify with shared evidence. The DVMS acknowledges that implementer and auditor perspectives must be present throughout the entire lifecycle to create, protect, and deliver value effectively. This dual perspective helps reduce system blind spots and strengthens assurance across digital value delivery.
Culture: The Make-or-Break Factor
Culture is the foundation of any organizational initiative. It is the make-or-break factor that determines whether adopting a framework leads to meaningful change or wasted effort. The DVMS treats culture not as an afterthought but as a core element embedded into every capability, influencing how teams work, decisions are made, and change takes hold.
Teams that learn, adapt, and take ownership of outcomes build trust. They avoid resistance, confusion, and rework often resulting from top-down mandates lacking context or buy-in.
Leadership sets the tone and accountability. When leaders support cultural alignment, change is easier to scale.
The DVMS helps them do this without new org charts or tools.
From Metrics to Meaningful Outcomes
The value of ITSM isn’t how many tickets get closed. It’s the confidence and trust stakeholders have in the resilience and reliability of the services that support outcomes, assured by evidence and accountability.
The DVMS helps teams shift focus. Instead of asking, “Did we follow the process?” they ask, “Did the process help us protect what matters: trust, resilience, and the needed outcomes?”
This elevates compliance as one part of assurance, reframes control as enablement, and positions the DVMS, not ITSM alone, as a strategic overlay for managing risk and delivering value.
Use What You Have
The DVMS works with existing investments. It doesn’t replace ITSM frameworks; it helps teams use them more effectively and efficiently.
If you already track performance, DVMS links it to value. If you have a risk model, DVMS embeds it in daily decisions.
The DVMS reinforces strategy-risk thinking, ensuring that every risk decision is grounded in strategic purpose and that every strategic initiative is risk-informed. It reveals what’s missing: misalignment, gaps in assurance, and the disconnect between expectations and delivery.
Start Small, Scale What Works
You don’t need to do everything at once.
Start with culture. Understand how people work, decide, and learn.
Map current practices to the seven capabilities. Align strengths and gaps to the outcomes that matter.
Introduce assurance through QO–QM. Begin with one or two critical services. Link strategic intent to operational reality.
Then scale and build on what works.
A Smarter Path Forward
Digital business risk isn’t going away. Neither is the demand for speed, resilience, and trust.
The DVMS overlay gives ITSM leaders a way to meet those demands. It builds on what exists, embeds what matters, and helps organizations shift from reactive service to resilient value delivery.
That’s not a new framework. It’s a more innovative way to use the ones you already have.
About the Author
David Moskowitz – Founding Member and Chief Content Architect, at the DVMS Institute
David is a Founding Member and Executive Director of the DVMS Institute LLC. He is the lead author of the “Digital Value Management System®” publication series which include the *Fundamentals of Adopting the NIST Cybersecurity Framework* and *A Practitioner’s Guide to Adapting the NIST Cybersecurity Framework*, and Thriving on the Edge of Chaos published by TSO
In today’s digitally driven economy, cyber disruptions are no longer an “if” but a “when.”
The DVMS Institute’s Certified Training Programs teach organizations the skills to build a Holistic and Culture-Aligned Overlay System capable of coordinating Adaptive, Cyber Operations Governance, Resilience, and Assurance across a Complex Digital Ecosystem.
Achieving true cyber resilience across a complex digital ecosystem requires seamless alignment between organizational Strategy, Governance, and Operations, underpinned by a culture dedicated to sustaining and continuously innovating organizational digital value.
The DVMS positions cyber resilience as a strategic, enterprise-wide capability powered by the Institute’s CPD, Z-X, and 3D Knowledge models.
This systems-based approach to cyber operational resilience demands active engagement from all members of the Digital Ecosystem, with each member playing a distinct role in proactively identifying and mitigating the systemic risks that threaten digital business operations.
This adaptive, forward-looking approach to Governance, Resilience, and Assurance (GRA) positions businesses to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Drive Agility and Trust Across Your Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
DVMS Explainer Videos
- Architecture Video: David Moskowitz explains the DVMS System
- Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- Overlay Model – What is an Overlay Model
- ZX Model – The MVC’s that power operational resilience
- CPD Model – Adaptable governance and assurance
- 3D Knowledge Model – Enabling holistic organizational learning
- FastTrack Model – A phased approach to cyber resilience
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved