Modernizing ITSM – Shifting from Reactive to Resilient Cyber Operations

David Moskowitz – Founder Member and Chief Content Architect, at the DVMS Institute

IT service management (ITSM) wasn’t designed to manage the full scope of digital business risk. Yet many organizations behave as if it does.

Frameworks that support service management, like ITIL, VeriSM, and FitSM, continue to evolve. Governance frameworks such as COBIT also contribute, but with a different emphasis. The guidance is clear, but implementation often stalls, leaving a gap between vision and execution. The Digital Value Management System® (DVMS) helps close that gap.

The DVMS is not a new framework. It’s an overlay. It works with what already exists, adding structure and alignment without disruption. Rather than replace existing practices, it connects them to broader organizational goals. It connects long-term goals to day-to-day execution, translating strategy into results.

From Reactive Utility to Resilient Capability

Most ITSM programs focus on uptime, ticket flow, and process compliance. While these are important, they rarely deliver the value business leaders recognize or prioritize. To many executives and board members, ITSM remains part of the technical infrastructure, a domain that ensures continuity but doesn’t drive strategy. That mindset is precisely what the DVMS challenges, by helping ITSM practices connect to organizational goals like resilience, trust, and business outcomes.

Business leaders care about growth, customer confidence, resilience under pressure, and measurable outcomes that support enterprise priorities. They want to know that digital services are stable and relevant risks are understood, visible, and appropriately managed.

Traditional ITSM tools weren’t built for that. They focus on process execution, not managing digital business risk or measuring trust. Frameworks encourage systems thinking and value co-creation, but they still describe themselves as ‘best practice’, a model rooted in past success. That orientation can lag behind emerging needs. The DVMS overlay becomes essential because it exposes gaps between what frameworks describe and what strategic and operational intent demand.

Why ITSM Frameworks Fall Short

Modern ITSM frameworks offer strong guidance. But translating guidance into daily action remains difficult.

The problem isn’t with the frameworks. It’s the way organizations apply them, or fail to.

Silos persist and priorities can conflict. Culture often gets overlooked or treated as incidental.

The DVMS addresses these challenges directly. It overlays practical structures on what’s already in use. These include methods for aligning teams, assuring outcomes, and integrating risk into daily decisions. It doesn’t rip and replace. It fills the gaps that frameworks leave behind.

What the DVMS Adds

The DVMS overlay includes five essential components that reshape how organizations think about ITSM, risk, and value.

1. Governance, Resilience, and Assurance (GRA)
   GRA treats resilience as an organizational capability. It embeds assurance into daily decisions, not just audits. It also reframes governance as delivering value and ensuring it is appropriately protected. Without the right level of protection, value becomes fragile, exposed, or unsustainable.
2. Strategy-Risk Integration
   The DVMS combines strategy and risk into a single decision model: strategy-risk. Every strategic decision must account for risk, and every risk-related issue must be evaluated in light of strategic goals. This approach replaces the disconnected “strategy here, risk there” thinking with a cohesive framework that guides tradeoffs, priorities, and protection. The result is alignment, with decisions that reflect both ambition and accountability.
3. Seven Minimum Viable Capabilities (MVC)
   The DVMS identifies seven capabilities that every organization demonstrates, regardless of size, location, or sector. These capabilities may be referred to by different names and applied with varying degrees of rigor. Everything an organization currently does corresponds to one or more of these capabilities.

• Govern – Ensure decision-making structures are clear and aligned to strategic outcomes.
• Assure – Build confidence that risk is managed and expectations are met.
• Plan – Set direction based on priorities and risk appetite.
• Design – Structure services and systems to create and protect value.
• Change – Adapt intentionally and minimize disruption.
• Execute – Deliver with consistency and transparency.
• Innovate – Balance small incremental improvements with disruptive strategic breakthroughs.

4. 3D Knowledge Model
   The DVMS 3D Knowledge Model addresses two inseparable perspectives that together enable organizations to break down silos, align strategy with execution, and foster a culture of collaboration and resilience.

Perspective 1: Teams, Alignment, and Execution focuses on how teams work, independently and together, to deliver value while staying aligned with strategic goals.

Perspective 2: System Behavior, Structure, and Leadership focuses on how leaders shape the organization as a system, including how structure and behavior influence, and are influenced by, culture. Culture is not a standalone component; it emerges from how leadership curates, reinforces, and models behavior.

5. QO–QM (Question Outcome, Question Metric)
   This method links questions to outcomes. Teams ask whether results are fit for purpose and use, then verify with shared evidence. The DVMS acknowledges that implementer and auditor perspectives must be present throughout the entire lifecycle to create, protect, and deliver value effectively. This dual perspective helps reduce system blind spots and strengthens assurance across digital value delivery.

Culture Emerges from Leadership

Leadership is the foundation of any organizational initiative. It determines the existing or emerging culture and whether adopting a framework leads to meaningful change or wasted effort. The DVMS treats culture not as an afterthought but as a core element, embedded into every capability, influencing how teams work, decisions are made, and change takes hold.

Teams that learn, adapt, and own outcomes build trust. They avoid the resistance, confusion, and rework often resulting from top-down mandates lacking context or buy-in.

Leadership defines what gets rewarded, what gets ignored, and how teams interpret risk and responsibility. The DVMS supports this by equipping leaders to align expectations, shape behaviors, and reinforce the outcomes they want to see.

The DVMS helps them do this without new org charts or tools.

From Metrics to Meaningful Outcomes

The value of ITSM isn’t how many tickets get closed. It’s the confidence and trust stakeholders have in the resilience and reliability of the services that support outcomes, assured by evidence and accountability.

The DVMS helps teams shift focus. Instead of asking, “Did we follow the process?” they ask, “Did the process help us protect what matters: trust, resilience, and the outcomes we depend on?”

This elevates compliance as one part of assurance, reframes control as enablement, and positions the DVMS, not ITSM alone, as a strategic approach to managing risk and delivering value.

Use What You Have

The DVMS works with existing investments. It doesn’t replace frameworks; rather, it helps teams use them more effectively and efficiently.

If you already track performance, DVMS links it to value. If you have a risk model, the DVMS brings that model into everyday decision-making, where it can guide priorities and tradeoffs.

It also reinforces strategy-risk thinking, ensuring that every risk decision is grounded in strategic purpose and that every strategic initiative is risk-informed. It reveals what’s missing: misalignment, gaps in assurance, and the disconnect between expectations and delivery.

Start Small, Scale What Works

You don’t need to do everything at once.

Start with culture. Understand how people work, decide, and learn.

Map current practices to the seven capabilities. Align strengths and gaps to the outcomes that matter.

Introduce assurance through QO–QM. Begin with one or two critical services. Link strategic intent to operational reality.

Then scale and build on what works.

A Smarter Path Forward

Digital business risk isn’t going away. Neither is the demand for speed, resilience, and trust.

The DVMS gives ITSM leaders a way to meet those demands. It builds on what exists. It brings trust, assurance, and shared outcomes – the things that matter – into daily activities.

It helps organizations shift from reactive service management to resilient value delivery.

That’s not a new framework. It’s a more innovative way to use the ones you already have.

About the Author

David Moskowitz –  Founding Member and Chief Content Architect, at the DVMS Institute

David is a Founding Member and Executive Director of the DVMS Institute LLC. He is the lead author of the “Digital Value Management System®” publication series which include the *Fundamentals of Adopting the NIST Cybersecurity Framework* and *A Practitioner’s Guide to Adapting the NIST Cybersecurity Framework*, and Thriving on the Edge of Chaos published by TSO

Cyber Resilience Certified Training

Teaching Organizations How to Govern, Assure, and Account for Digital Value Resilience Across Complex Supply Chains

Explainer Video – Paper vs. Living System Governing by Assurance

Despite abundant frameworks and dashboards, leaders still struggle to see how digital value streams perform under real-world stress.

Intent, structure, and day-to-day behavior are examined in isolation, creating flat views that hide how decisions and human responses interact in a living digital system.

The result is governance that appears robust on paper but breaks down in execution, forcing leaders to manage fragmented controls rather than assure and account for resilient, system-level performance

What’s missing in an overlay management system designed to Govern, Assure, and Account for Resilient digital value resilience across a complex digital ecosystem.

The Digital Value Management System® (DVMS) to the rescue.

Digital Value Management System® (DVMS)

An Overlay Management System designed to Govern, Assure, and Account for Resilient Digital Value Across Complex Supply Chains

Explainer Video – What is a Digital Value Management System (DVMS)

The Digital Value Management System® (DVMS) training programs teach leadership, practitioners, and employees how to integrate fragmented frameworks and systems such as NISTCSF, GRC, ITSM, and AI into a unified, culture-driven governance and assurance system that accounts for the resilience of their living digital system.

A DVMS enables organizations of any size, scale or complexity to:

• Govern through risk-informed decision-making
• Sustain Resilience through a proactive and adaptive culture
• Measure Performance Assurance through evidence-based outcomes
• Ensure Accountability by making intent, execution, and evidence inseparable

At its core, the DVMS is a simple but powerful integration of:

• Governance Intent – shared expectations and accountabilities
• Operational Capabilities – how the digital business actually performs
• Assurance Evidence – proof that outcomes are achieved and accountable
• Cultural Outcomes – that align people, decisions, and behaviors

Through its MVC, CPD, 3D Knowledge, and FastTrack Models, a DVMS turns this integration into three distinctive capabilities:

A Governance Overlay that replaces fragmentation with unity. The DVMS provides organizations with a structured way to connect strategy with day-to-day execution. Leaders gain a consistent mechanism to direct, measure, and validate performance—across every system responsible for digital value.

A Behavioral Engine that drives high-trust, high-velocity decision-making. The DVMS embeds decision models and behavioral patterns that help teams think clearly and act confidently, even in uncertain situations. It is engineered to reduce friction, prevent blame-based cultures, and strengthen organizational reliability.

A Learning System that makes culture measurable, adaptable, and scalable. Culture becomes a managed asset—not an abstract concept. The DVMS provides a repeatable way to observe behavior, collect evidence, learn from outcomes, and evolve faster than threats, disruptions, or market shifts.

The People and Culture That Power a DVMS

Explainer Video – The Human Engine of DVMS

Delivering the outcomes of a DVMS requires coordinated action across an enterprise’s strategy, governance, and operational layers.

Each of these business layers contains unique roles that, when aligned, enable organizations to protect digital assets while delivering sustained digital value and resilience.

Together, these roles create an adaptive, risk-informed, and resilient culture capable of thriving in a complex and chaotic digital business environment. 

Scaling A DVMS Program – Start Small

Explainer Video – Scaling a DVMS Program

The DVMS FastTrack Model is a phased, iterative approach that helps organizations adopt and mature their Digital Value Management System over time, rather than trying to do everything simultaneously. This approach breaks the DVMS journey into manageable phases of success.

DVMS Program Benefits

Explainer Video – DVMS Organization and Leadership Benefits

DVMS Organizational Benefits

Instead of replacing existing operational frameworks, the DVMS elevates them—connecting and contextualizing their data into actionable intelligence that validates performance and exposes the reasons behind unmet outcomes.

By adopting a DVMS, organizations are positioned to:

• Maintain Operational Stability Amidst Constant Digital Disruption
• Deliver Digital Value and Trust Across A Digital Ecosystem
• Satisfy Critical Regulatory and Certification Requirements
• Leverage Cyber Resilience as a Competitive Advantage

DVMS Leadership Benefits

The Digital Value Management System (DVMS) provides leaders with a unified, evidence-based approach to governing and enhancing their digital enterprise, aligning with regulatory requirements and stakeholder expectations.

For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.

For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.

For the CIO, CRO, CISO, and Auditors: an integrated, adaptive, and culture-driven governance and assurance management system that enhances digital business performance, resilience, trust, and accountability.

The DVMS Certified Training Programs

Explainer Video – The DVMS Training Pathway to Operational Cyber Resilience

The DVMS Institute’s certification training programs and body-of-knowledge publications equip leaders, practitioners, and employees with the skills to govern operational cyber-resilience through an evidence-based system that assures and accounts for digital value outcomes.

Grounded in real-world governance challenges and aligned with NIST CSF 2.0, the DVMS Institute’s training programs teach organizations how to build measurable capability, transparent accountability, and defensible confidence in decision-making.

Through structured learning, applied certification, and authoritative publications, the Institute advances a disciplined, outcome-driven approach to managing digital risk, performance, and resilience as an integrated system.

DVMS Cyber Resilience Awareness Training

The DVMS Cyber Resilience Awareness course and its accompanying body of knowledge publication educate all employees on the fundamentals of digital business, its associated risks, the NIST Cybersecurity Framework, and their role within a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.

This investment fosters a culture that is prepared to operate within a system capable of transforming systemic cyber risks into operational resilience.

DVMS NISTCSF Cyber Resilience Foundation Certification Training

The DVMS NISTCSF Cyber Resilience Foundation certification training course and its accompanying body of knowledge publications provide ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role in a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.

This investment fosters IT, GRC, Cybersecurity, and Business professionals with the skills to operate within a system capable of transforming systemic cyber risks into operational resilience.

DVMS Cyber Resilience Practitioner Certification Training

The DVMS Practitioner certification training course and its accompanying body of knowledge publications teach ITSM, GRC, Cybersecurity, and Business practitioners how to elevate investments in ITSM, GRC, Cybersecurity, and AI business systems by integrating them into a unified governance, resilience, assurance, and accountability system designed to proactively identify and mitigate the cyber risks that could disrupt operations, erode resilience, or diminish client trust.

This investment fosters IT, GRC, Cybersecurity, and Business practitioners with the skills to assess, design, implement, operationalize, and continually innovate a Digital Value Management System® program that operationalizes a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.

The Assurance Mandate White Paper Series

Explainer Video –  Why GRAA is the Next Evolution of GRC

The whitepapers below present a clear progression from compliance-driven thinking to a modern system of Governance, Resilience, Assurance, and Accountability (GRAA). Together, they define an evidence-based approach to building and governing resilient digital enterprises.

The Assurance Mandate Paper explains why traditional GRC artifacts offer reassurance, not proof, and challenges boards to demand evidence that value can be created, protected, and delivered under stress.

The Assurance in Action Paper shows how DVMS turns intent into execution by translating outcomes into Minimum Viable Capabilities, aligning frameworks through the Create–Protect–Deliver model, and producing measurable assurance evidence of real performance.

The Governing by Assurance Paper extends this model to policy and regulation, positioning DVMS as a learning overlay that links governance intent, operational capability, and auditable evidence—enabling outcome-based governance and proof of resilience through measurable performance data.

Company Brochures and Presentation

• DVMS Company Brochure
• DVMS Product Brochure
• DVMS Company Presentation

Explainer Videos

• DVMS Architecture Video: David Moskowitz explains the DVMS System
• DVMS Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
• DVMS Overlay Model – What is an Overlay Model
• DVMS MVC ZX Model – Powers the CPD
• DVMS CPD Model – Powers  DVMS Operations
• DVMS 3D Knowledge Model – Powers the DVMS Culture
• DVMS FastTrack Model – Enables A Phased DVMS Adoption

Digital Value Management System® is a registered trademark of the DVMS Institute LLC.

® DVMS Institute 2025 All Rights Reserved