How a Digital Value Management System® Transforms Cyber Risk into Operational Resilience


Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute

Introduction: From Risk to Resilience

In today’s digital economy, every organization depends on technology to deliver products and services, connect with stakeholders, and comply with regulatory requirements.

Yet with this dependence comes a growing vulnerability: cyber risk. Breaches, ransomware, insider threats, and supply chain compromises no longer represent isolated technical problems — they are existential business risks that can disrupt operations, erode trust, and trigger regulatory penalties.

Traditional approaches to managing risk often treat cybersecurity as a siloed IT function, disconnected from service management and governance processes. This fragmentation leaves organizations exposed. The Digital Value Management System® (DVMS) offers a different path. By overlaying and integrating existing IT service management (ITSM), governance, risk, compliance (GRC), and cybersecurity programs, the DVMS transforms cyber risk into a foundation for operational resilience.

Cyber Risk as a Strategic Challenge

Cyber risk has evolved far beyond technical exploits. Every digital asset — customer data, payment systems, and supply chain platforms — represents value and vulnerability. If it has value to stakeholders, it has value to attackers. The expanding attack surface, coupled with increasingly sophisticated adversaries, means that prevention alone is insufficient. Organizations must accept that breaches are inevitable and focus on resilience: the ability to withstand, adapt, and recover from disruptions. Operational resilience reframes cybersecurity from a reactive technical problem into a proactive business capability. However, achieving this requires alignment across ITSM, GRC, and cybersecurity — something most organizations lack. The DVMS provides the structure to close these gaps.

The DVMS Overlay: Uniting Fragmented Systems

The DVMS is not another framework to implement or a new method to adopt. It is an overlay system designed to work with what organizations already have. ITSM processes manage service delivery and performance, GRC ensures compliance and risk oversight, and cybersecurity protects digital assets. On their own, these functions are often practical within their silos but lack coordination. The DVMS provides a unifying overlay that exposes gaps, eliminates redundancies, and aligns outcomes to enterprise goals. By connecting value creation (ITSM), value protection (cybersecurity), and value assurance (GRC), the DVMS ensures that cyber risk is managed as an intrinsic part of daily operations. This transformation turns scattered risk management efforts into a cohesive system of resilience.

Systems Thinking: Seeing the Whole, Not the Parts

A cornerstone of the DVMS is systems thinking. Cyber risk cannot be managed effectively if viewed only through technology. The DVMS encourages organizations to see themselves as complex adaptive systems, where people, processes, and technology interact dynamically. A weakness in one area inevitably affects the others. By applying systems thinking, leaders can recognize interdependencies, anticipate cascading failures, and design controls that strengthen resilience across the enterprise. This holistic view shifts the conversation from isolated risk controls to enterprise-wide risk governance, making resilience a shared responsibility across ITSM, GRC, and cybersecurity teams.

Linking to the NIST Cybersecurity Framework 2.0

The DVMS aligns closely with the NIST Cybersecurity Framework (CSF) 2.0, which emphasizes governance, outcomes, and enterprise risk management. While the CSF describes good cybersecurity outcomes, it does not prescribe how to achieve them. The DVMS provides the “how” by operationalizing CSF outcomes across ITSM, GRC, and cybersecurity. For example, the CSF’s Govern function finds practical expression in the DVMS Govern and Assure capabilities, while its Protect and Respond functions align with Execute and Change. By linking directly to the CSF, the DVMS ensures compliance with industry best practices while extending them into an integrated resilience system.

Culture as the Catalyst

No system of resilience can succeed without culture. Technology and processes may enable, but people determine whether resilience takes root. The DVMS explicitly integrates culture as a source of risk and an enabler of resilience. By fostering a culture of accountability, learning, and collaboration, organizations ensure that employees at every level see resilience as part of their role. This cultural shift closes the gap between governance intent and operational reality, embedding resilience into daily decision-making. It transforms cyber risk from a hidden liability into an open, managed, and continuously improved capability.

The DVMS CPD Model: Creating, Protecting, and Delivering Value

At the heart of the DVMS is the CPD Model, which integrates strategy, governance, and execution into a single loop of continual adaptation. The CPD Model recognizes that value creation and value protection are inseparable. Unprotected value is no value at all. By embedding protection directly into the design and delivery of digital services, organizations ensure that resilience is not an afterthought but an outcome of normal operations. This model transforms cyber risk into a by-product of delivering appropriately protected value. Rather than treating resilience as a separate program, the CPD Model operationalizes it as part of everyday business.

The DVMS MVC/ZX Model: Minimum Viable Capabilities for Resilience

The DVMS defines seven Minimum Viable Capabilities (MVC): Govern, Assure, Plan, Design, Change, Execute, and Innovate. Each capability represents a critical dimension of resilience:

  • Govern sets direction and risk appetite.
  • Assure ensures that operations meet governance expectations.
  • Plan translates strategy into adaptive roadmaps.
  • Design embeds resilience into service and system development.
  • Change manages adaptation in response to threats and opportunities.
  • Execute delivers services that are both high-performing and protected.
  • Innovate drives continual improvement and cultural learning.

 

Together, these capabilities ensure that cyber risk management is not reactive but adaptive. By aligning ITSM, GRC, and cybersecurity activities under these seven capabilities, the DVMS creates an operational rhythm that sustains resilience over time.

The DVMS 3D Knowledge Model™: Connecting the Silos

The 3D Knowledge Model plays a pivotal role in how a DVMS transforms cyber risk into operational resilience by ensuring that knowledge is captured, shared, and applied across three critical dimensions: time, perspective, and culture. It integrates lessons from the past, situational awareness in the present, and foresight into the future, enabling organizations to anticipate risks and adapt proactively. It also bridges perspectives across functions—IT, GRC, cybersecurity, and business leadership—so that risk is no longer seen as a siloed technical issue but as a systemic, enterprise-wide concern. Most importantly, it embeds resilience into the organizational culture, making knowledge not just an artifact but a living capability that shapes behaviors, decisions, and governance. By harnessing these dimensions, the 3D Knowledge Model equips organizations to continuously learn, adapt, and evolve, turning cyber risk from a disruptive threat into a catalyst for building enduring operational resilience.

The DVMS QO/QM: Turning Strategy into Measurable Outcomes

The DVMS QO/QM (Question-Outcome/Question-Metric) is the analytical engine within the Digital Value Management System® (DVMS) that enables organizations to operationalize assurance and continual improvement by turning strategy into measurable outcomes. Built as an evolution of the Goal-Question-Metric (GQM) method and GQM+Strategies, the QO/QM system connects organizational strategy-risk—the unified concept that strategy and risk are inseparable—with governance, assurance, and execution activities. It does this by first defining desired outcomes (“O”) that express what resilient, compliant, and trusted digital performance looks like, then developing precise questions (“Q”) and evidence-based metrics (“M”) to validate whether those outcomes are being achieved.

Within the DVMS architecture—composed of the MVC (Govern, Assure, Plan, Design, Change, Execute, Innovate) and the CPD Model (Create, Protect, Deliver)—the QO/QM system functions as a feedback loop that measures performance, cultural alignment, and assurance maturity across all capabilities. It integrates systems thinking, cultural factors, and continuous learning to make both qualitative and quantitative aspects of resilience measurable. In effect, QO/QM transforms the abstract concepts of governance, culture, and assurance into a quantifiable, adaptive quality management system that links policy intent to operational evidence and enables organizations to continually create and protect digital business value in alignment with the NIST Cybersecurity Framework 2.0.

The DVMS FastTrack™ Model: Building Resilience in Phases

Transforming risk into resilience is not a one-time project but a journey. The DVMS introduces the FastTrack™ Model, a phased approach that allows organizations to evolve iteratively:

  1. Initiate (Phase 0): Establish baselines and readiness.
  2. Basic Hygiene (Phase 1): Stabilize the environment and close obvious gaps.
  3. Expand (Phase 2): Optimize processes and integrate across silos.
  4. Innovate (Phase 3): Embed continual improvement and adaptive resilience.

 

This approach avoids overwhelming organizations with large-scale change while ensuring steady progress. Each phase builds on existing capabilities, gradually converting cyber risk into embedded resilience that strengthens over time.

Business Outcomes: Why DVMS Matters

The transformation of cyber risk into operational resilience through the DVMS delivers tangible business outcomes:

  • Resilience: The ability to recover from disruptions with minimal impact.
  • Compliance: Demonstrable adherence to regulatory and audit requirements.
  • Trust: Increased confidence from customers, partners, and regulators.
  • Performance: Enhanced service reliability and efficiency.
  • Adaptability: Continuous innovation and learning in the face of evolving threats.

 

These outcomes matter because they translate directly into competitive advantage. In markets where disruption is inevitable, resilience becomes a differentiator. In industries under heavy regulation, compliance and assurance are non-negotiable. And in a digital economy where trust is currency, organizations that can demonstrate resilience win stakeholder confidence.

Conclusion: Resilience as the New Standard

Cyber risk is not going away. In fact, it will only grow more complex as technology evolves and adversaries become more resourceful. The organizations that will thrive in this environment are those that stop treating cybersecurity as a technical afterthought and start treating resilience as a strategic imperative. The DVMS provides the blueprint. By overlaying existing ITSM, GRC, and cybersecurity programs, applying systems thinking, embedding resilience into culture, and operationalizing the NIST CSF, the DVMS transforms cyber risk into operational resilience. This transformation is not just about surviving the next attack — it is about building organizations that can adapt, recover, and continue to deliver trusted digital value no matter what challenges arise. In the digital age, resilience is not optional. With the DVMS, it becomes achievable, measurable, and sustainable.

About the Author

Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute

Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.

Digital Value Management System® (DVMS) Cyber Resilience Professional Training

Building a DVMS to Govern, Assure, and Account for Strategic Outcomes and Sustained Operational Resilience in Complex Digital Ecosystems

From Visibility to Viability – The Dual Pillars of Cyber Resilience 


As enterprises accelerated their adoption of complex, cloud-native architectures, they encountered a new order of complexity. Infrastructure dissolved into services, workloads became ephemeral, and security boundaries blurred.

In that environment, Wiz emerged as a transformational force in cloud security, offering radical visibility and risk prioritization across multi-cloud ecosystems. At the same time, a broader and more systemic challenge has been unfolding, one that extends beyond misconfigurations and vulnerabilities.

Modern organizations function as dynamic, interconnected digital ecosystems composed of technologies, processes, data flows, and human actors working in constant interaction.

Within this complexity, achieving strategic objectives and sustaining operational resilience, particularly in meeting regulatory obligations, cannot depend on siloed controls or after-the-fact detection mechanisms.

Instead, the fluid and interdependent nature of digital operations requires a cohesive, system-level approach to governance—one that integrates oversight, execution, and accountability into the fabric of how the organization actually operates.

This is the domain in which the Digital Value Management System® (DVMS) operates.

While Wiz redefined how organizations see and secure cloud environments, DVMS is redefining how enterprises govern, assure, and account for strategic outcomes and operational resilience as an integrated dimension of digital business performance.

 

The Digital Value Management System® (DVMS)


The DVMS is an overlay system that governs, assures, and accounts for strategic outcomes and sustained operational resilience in complex digital ecosystems. 

At its core, the DVMS is a simple but powerful integration of:
  • Governance Intent – shared expectations and accountabilities
  • Operational Capabilities – how the digital business performs
  • Assurance Evidence – proof that outcomes are achieved and accountable
  • Cultural Learning – for governance intent and operational capability fine-tuning
Underpinning this integration are the following DVMS models and approaches:

Create, Protect, and Deliver (CPD) – The CPD Model™ is a systems-based model within the DVMS that links strategy-risk and governance to execution to create, protect, and deliver digital business value as an integrated, continuously adaptive capability.

3D Knowledge (3DK) – The 3D Knowledge Model is a systems-thinking framework that maps team knowledge over time (past, present, future), cross-team collaboration, and alignment to strategic intent to ensure that organizational behavior, learning, and execution remain integrated and adaptive in delivering digital business value.

Minimum Viable Capabilities (MVC) – The Minimum Viable Capabilities (MVCs) model supports the seven essential, system-level organizational capabilities—Govern, Assure, Plan, Design, Change, Execute, and Innovate—required to reliably create, protect, and deliver digital business value in alignment with strategy-risk intent.

Question Outcome / Question Metric (QO/QM) – This approach supports governance as testable intent by defining a clear Question Outcome (QO), the specific value or resilience condition that must be true at a given boundary, and pairing it with one or more Question Metrics (QM) that provide observable, decision-relevant evidence that the system can actually create, protect, and deliver that outcome under complex, living system operating conditions.

These models and approaches work together to enable three organizational capabilities:

A Governance Overlay that replaces fragmentation with unity. The DVMS provides organizations with a structured way to connect strategy with day-to-day execution. Leaders gain a consistent mechanism to direct, measure, and validate performance across every system responsible for digital value.

A Behavioral Engine that drives high-trust, high-velocity decision-making. The DVMS embeds decision models and behavioral patterns that help teams think clearly and act confidently, even in uncertain situations. It is engineered to reduce friction, prevent blame-based cultures, and strengthen organizational reliability.

A Learning System that makes culture measurable, adaptable, and scalable. Culture becomes a managed asset—not an abstract concept. The DVMS provides a repeatable way to observe behavior, collect evidence, learn from outcomes, and evolve faster than threats, disruptions, or market shifts.

 

DVMS Benefits – Organizational and Leadership


Organizational Benefits

Instead of replacing existing operational frameworks and platforms, the DVMS elevates them, connecting and contextualizing their data into actionable intelligence that validates performance and exposes the reasons behind unmet outcomes.

By adopting a DVMS, enterprises are positioned to:
  • Maintain Operational Stability Amidst Constant Digital Disruption
  • Deliver Digital Value and Trust Across A Digital Ecosystem
  • Satisfy Critical Regulatory and Certification Requirements
  • Leverage Cyber Resilience as a Competitive Advantage

 

Leadership Benefits

The Digital Value Management System (DVMS) provides leaders with a unified, evidence-based approach to governing and enhancing their digital enterprise, aligning with regulatory requirements and stakeholder expectations.

For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.

For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.

For the CIO, CRO, CISO, and Auditors, the DVMS provides an integrated, adaptive, and culture-driven governance and assurance management system that enhances digital business performance, resilience, trust, and accountability.

 

DVMS – Accredited Certification Training Program


The Digital Value Management System® (DVMS) training programs teach leadership, practitioners, and employees how to integrate fragmented systems into a unified, culture-driven governance and assurance system that accounts for the resilience of digital value within a living digital ecosystem.

DVMS Cyber Resilience Awareness Training

The DVMS Cyber Resilience Awareness course and its accompanying body of knowledge publication educate all employees on the fundamentals of digital business, its associated risks, the NIST Cybersecurity Framework, and their role within a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.

DVMS NISTCSF Cyber Resilience Foundation Certification Training

The DVMS NISTCSF Cyber Resilience Foundation certification training course and its accompanying body of knowledge publications provide ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role in a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.

DVMS Cyber Resilience Practitioner Certification Training

The DVMS Practitioner certification training course and its accompanying body of knowledge publications teach ITSM, GRC, Cybersecurity, and Business practitioners how to elevate investments in ITSM, GRC, Cybersecurity, and AI business systems by integrating them into a unified governance, resilience, assurance, and accountability system designed to proactively identify and mitigate the cyber risks that could disrupt operations, erode resilience, or diminish client trust.

 

A FastTrack Approach to Launching Your DVMS Program


The DVMS FastTrack approach is phased and iterative, helping organizations mature their DVMS over time rather than trying to do everything simultaneously.

This approach breaks the DVMS journey into manageable phases of success. It all starts with selecting the first digital service you want to make cyber resilient. Once that service becomes resilient, it becomes the blueprint for operationalizing cyber resilience across the enterprise and its supply chain.

DVMS Institute White Papers – The Assurance Mandate Series


The whitepapers below present a clear progression from compliance-driven thinking to a modern system of Governance, Resilience, Assurance, and Accountability (GRAA). Together, they define an evidence-based approach to building and governing resilient digital enterprises.

The Assurance Mandate Paper explains why traditional compliance artifacts offer reassurance, not proof, and challenges boards to demand evidence that value can be created, protected, and delivered under stress.

The Assurance in Action Paper shows how DVMS turns intent into execution by translating outcomes into Minimum Viable Capabilities, aligning frameworks through the Create–Protect–Deliver model, and producing measurable assurance evidence of real performance.

The Governing by Assurance Paper extends this model to policy and regulation, positioning DVMS as a learning overlay that links governance intent, operational capability, and auditable evidence—enabling outcome-based governance and proof of resilience through measurable performance data.


Digital Value Management System® is a registered trademark of the DVMS Institute LLC.

® DVMS Institute 2025 All Rights Reserved
