How the DVMS Builds a Behavioral Engine that Continuously Converts Risk into Resilience

How the DVMS Builds a Behavioral Engine that Continuously Converts Risk into Resilience

Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute

Introduction: From Control Systems to Behavioral Engines

In a volatile, uncertain, complex, and ambiguous (VUCA) digital world, organizations cannot depend on static frameworks or prescriptive checklists to manage cyber and operational risk. They need behavioral systems—living architectures that continuously sense, adapt, and respond to changing conditions. The Digital Value Management System® (DVMS), developed by the DVMS Institute, provides precisely that: a behavioral engine that transforms how organizations think, decide, and act in the face of uncertainty. Rather than treating risk as a problem to eliminate, the DVMS views it as the raw material from which resilience is continually produced.

This essay explains how the DVMS builds that behavioral engine by linking culture, systems thinking, and adaptive governance into a continuous feedback loop—an engine that converts every encounter with risk into learning, assurance, and improved resilience.

The Foundation: Risk as Strategy, Not Reaction

The behavioral engine begins with a conceptual shift that the DVMS authors call strategy-risk—the recognition that strategy and risk are not separate functions but a single, inseparable entity. In traditional governance, risk management often trails strategy, identifying exposures after plans have been made. The DVMS reverses this sequence, treating risk itself as a source of strategic insight.

By embedding risk into the core of every decision cycle, the DVMS transforms risk from a reactive control activity into a proactive driver of value creation. This integration is operationalized through the Create–Protect–Deliver (CPD) Model, which connects strategy and governance with governance and execution, ensuring that digital business value is not only created but also protected as it is created. Risk analysis thus becomes a behavioral feedback process—a way to learn how the organization’s structures and actions perform under stress, and how they must adapt to sustain value.

In effect, the DVMS replaces a static “risk register” mindset with a learning loop that transforms uncertainty into organizational intelligence.

Systems Thinking: The Engine’s Design Blueprint

The DVMS behavioral engine is built on systems thinking, a discipline that views the organization as a complex adaptive system (CAS)—a network of interdependent structures, processes, and human behaviors that evolve. Systems thinking provides the mechanical blueprint for converting risk into resilience.

In this model, every component—strategy, operations, culture, technology, and leadership—is both a driver and an outcome of systemic behavior. Changes in one area produce ripple effects throughout the entire system. By mapping these interconnections through the DVMS’s Minimum Viable Capabilities (MVCs)—Govern, Assure, Plan, Design, Change, Execute, and Innovate—the organization can visualize how decisions, behaviors, and outcomes interrelate.

Each capability fuels the next in a dynamic feedback loop:

• Govern establishes intent and policy.
• Assure verifies alignment and performance.
• Plan and Design translate policy into systems and behaviors.
• Change and Execute operationalize adaptation.
• Innovate ensures continual improvement.

Together they form a perpetual behavioral cycle—an engine of adaptation—that channels the organization’s experience with risk into improved performance and resilience.

Culture: The Fuel That Powers the Engine

The DVMS recognizes that the ultimate determinant of resilience is not technology or policy, but organizational culture—the collective beliefs, attitudes, and assumptions that shape behavior. Culture determines whether people perceive risk as a fear to avoid or as an opportunity to learn from.

Through the Cultural Web Model (adapted from Johnson & Scholes) and the 3D Knowledge Model, the DVMS translates culture from an abstract concept into a measurable system of behaviors, structures, and mental models. Leaders use these tools to identify the cultural levers—symbols, power structures, rituals, and control systems—that reinforce or inhibit adaptive behavior.

This approach aligns with the NIST Cybersecurity Framework (CSF) 2.0’s Govern Function, which emphasizes leadership’s role in establishing risk management expectations, roles, and accountability across the enterprise. In DVMS terms, governance is not about compliance oversight; it is behavioral modeling from the top down. The board and executives set the tone by how they think about and respond to risk. The more they model inquiry, transparency, and learning, the more those behaviors cascade through the organization.

Culture thus becomes the fuel of the behavioral engine—constantly burning risk experiences into shared learning and improved collective action.

Assurance: The Feedback System That Converts Energy

If culture is the fuel, assurance is the combustion system—the mechanism that takes energy from risk events and converts it into sound output. The DVMS defines assurance as the organizational capability to ensure that “the right things are done the right way, within defined tolerances”.

Traditional assurance functions (such as audit or compliance) tend to assess performance retrospectively. The DVMS behavioral engine, however, embeds assurance directly into real-time operations through dynamic measurement systems, such as Goal–Question–Metric (GQM) and Question-Outcome–Question-Metric (QO–QM). These methods teach teams to ask better questions, define measurable outcomes, and adjust behavior based on continuous evidence.

The result is a feedback-rich system where risk indicators and performance metrics flow constantly into decision loops. Instead of waiting for quarterly reports, leaders and teams can sense misalignments as they emerge, correct behaviors, and document learning. Over time, these iterative adjustments create behavioral resilience—the capacity to anticipate, absorb, and adapt to disruption without losing mission focus.

The CPD Model: Converting Risk into Resilience in Motion

At the operational core of the behavioral engine lies the Create–Protect–Deliver (CPD) Model. It embodies the principle that digital business value cannot exist without concurrent protection; unprotected value is unsustainable value.

The CPD Model creates a continuous flow of value and learning between governance and execution:

• Create: Strategy and design translate stakeholder expectations into value propositions.
• Protect: Assurance mechanisms evaluate risks, controls, and performance in real time.
• Deliver: Operations execute and feed data back into the governance cycle.

As this loop repeats, every exposure, failure, or near miss becomes input data for system improvement. The organization evolves not by avoiding risk, but by metabolizing it.

This dynamic mirrors the NIST CSF 2.0’s cyclical structure, where the Govern Function informs the Identify, Protect, Detect, Respond, and Recover functions—each operating concurrently and continuously. The DVMS overlays these functions with behavioral depth, turning them from technical controls into living interactions between people, processes, and systems.

Learning and Innovation: The Regenerative Cycle

In nature, resilient systems regenerate. The DVMS ensures the same through Innovation—the highest-order capability in its Minimum Viable Capabilities model. Innovation in this context is not limited to new products or technologies; it encompasses new ways of thinking and behaving.

By embedding innovation as a recurring governance function, the DVMS ensures that the organization not only returns to its previous state after a disruption but also emerges stronger. This aligns with the concept of “adaptive” maturity in NIST’s Tier 4 model, where governance, risk management, and operations are continuously improved through feedback and learning.

The DVMS distinguishes four levels of innovation—incremental, sustaining, adaptive, and disruptive—each representing a behavioral response to changing conditions. As the organization progresses through these levels, its behavioral engine becomes increasingly efficient: minor, iterative adaptations lead to larger, systemic transformations.

The Behavioral Cascade: Making Learning “Sticky”

David Moskowitz and David Nichols describe resilience as “learning that sticks.” To make learning durable, the DVMS establishes a cascade of accountability from governance to the frontline. Policies and values established at the top flow through every management layer, connecting strategic foresight with operational insight. Each feedback loop strengthens the next, creating a self-reinforcing cycle of trust, assurance, and performance.

This behavioral cascade is crucial for resilience. When policies, assurance data, and culture are aligned, individuals at every level can make risk-informed decisions autonomously. The organization no longer reacts from command-and-control hierarchies; it behaves like a synchronized system that senses, decides, and acts as one.

Conclusion: The Emergence of the Resilient Enterprise

The DVMS behavioral engine transforms the very nature of organizational response. It turns risk from a threat to be feared into energy to be harnessed. By uniting systems thinking, cultural intelligence, and adaptive assurance within an integrated governance overlay, the DVMS provides a continuous mechanism for converting the friction of uncertainty into the momentum of resilience.

In practical terms, this means:

• Strategy and risk operate as one.
• Governance and assurance function as a living nervous system.
• Culture becomes measurable, trainable, and self-correcting.
• Operations continuously learn and adapt without losing direction.

The result is an organization capable of thriving on the edge of chaos—where disruption is not the end of stability but the beginning of evolution.

Through its behavioral engine, the DVMS teaches enterprises a simple truth: resilience is not the absence of risk, but the mastery of response. Every interaction, incident, and failure becomes data for improvement. Every act of governance becomes a catalyst for learning. And every behavior, when aligned with purpose and feedback, converts the inevitable turbulence of the digital world into sustained, resilient performance.

About the Author

Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute

Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.

Digital Value Management System® (DVMS)

An Adaptive, Culture-Driven Governance, Resilience, Assurance, and Accountability (GRAA) System

A Digital Value Management System (DVMS) enables organizations of any size or complexity to operate with an adaptive, culture-driven Governance, Resilience, Assurance, and Accountability (GRAA) system that ensures Cybersecurity, GRC, ITSM, and AI programs consistently deliver the outcomes expected by boards, executive leaders, and government regulators—even under stress.

Through a structured, intelligence-driven integration of Governance Intent, Operational Capability, and Assurance Evidence, the DVMS provides executive leadership and auditors with explicit confirmation that digital transformation initiatives are delivering their intended outcomes.

Through its MVC, CPD, 3D Knowledge, and FastTrack Models, the DVMS operationalizes a:

• Governance Overlay system that unifies strategy, assurance, and operations
• Behavioral Engine that transforms how organizations think, decide, and act in uncertainty
• Learning System that measures, adapts, and innovates culture over time.

DVMS White Papers

• The Assurance Mandate –  Moving to Evidence-Based Operational Resilience
• Assurance in Action –  Turning Policy into Organizational Capability
• Governance By Assurance –  A Systems Approach to Outcome-Based Regulation

DVMS Organizational Benefits

Instead of replacing existing operational frameworks, the DVMS elevates them—connecting and contextualizing their data into actionable intelligence that validates performance and exposes the reasons behind unmet outcomes.

By adopting a DVMS, organizations are positioned to:

• Maintain Operational Stability Amidst Constant Digital Disruption
• Deliver Digital Value and Trust Across A Digital Ecosystem
• Satisfy Critical Regulatory and Certification Requirements
• Leverage Cyber Resilience as a Competitive Advantage

DVMS Leadership Benefits

• For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.
• For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.
• For the CIO, CRO, CISO, and Auditors: an integrated, adaptive, and culture-driven governance and assurance management system that enhances digital business performance, resilience, trust, and accountability

DVMS Institute Certified Training Programs

DVMS Cyber Resilience Awareness Training

The DVMS Cyber Resilience Awareness training teaches all employees the fundamentals of digital business, its associated risks, the NISTCSF, and their role as part of a culture responsible for protecting digital business performance, resilience, and trust. This investment fosters a culture that is prepared to transform systemic cyber risks into operational resilience.

DVMS NISTCSF Foundation Certification Training

The DVMS NISTCSF Foundation certification training course teaches ITSM, GRC, Cybersecurity, and Business professionals a detailed understanding of the NIST Cybersecurity Framework and its role in an integrated, adaptive, and culture-driven governance and assurance management system that drives digital business performance, resilience, trust, and accountability.

DVMS Cyber Resilience Practitioner Certification Training

The DVMS Practitioner certification training course teaches ITSM, GRC, Cybersecurity, and Business professionals how to assess, design, implement, operationalize, and continually innovate a Digital Value Management System® program that integrates fragmented frameworks such as NIST, ITSM, and GRC into an adaptive and culture-driven governance and assurance system that enhances digital business performance, resilience, trust, and accountability.

DVMS Brochures

• Company Brochure
• Product Brochure
• Company Presentation

DVMS Explainer Videos

• Architecture Video: David Moskowitz explains the DVMS System
• Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
• Overlay Model – What is an Overlay Model
• MVC ZX Model – Powers the CPD
• CPD Model – Powers  DVMS Operations
• 3D Knowledge Model – Powers the DVMS Culture
• FastTrack Model – Enables A Phased DVMS Adoption

Digital Value Management System® is a registered trademark of the DVMS Institute LLC.

® DVMS Institute 2025 All Rights Reserved