Using a 3D Knowledge Model to Enable Cyber Operational Resilience

David Nichols – Co-Founder and Executive Director of the DVMS Institute

In today’s climate of increasing uncertainty—whether economic, geopolitical, cyber, or operational—the key strategic question for leaders is no longer, “Are we optimized?” but rather, “Are we resilient?”

Optimization has limits. Resilience does not.

Many organizations struggle to operationalize resilience. It becomes a buzzword rather than a behavior, often buried under initiatives labeled “agile,” “secure,” or “digital.” What’s missing is a way to make resilience visible, measurable, and repeatable across the enterprise. This is where the 3D Knowledge Model, viewed through the dual perspectives of IT Service Management (ITSM) and the Digital Value Management System (DVMS), becomes transformative.

These aren’t opposing perspectives. They are complementary, and when understood together, create a new kind of adaptive governance and assurance system that enables operational resilience:  coherence.

Let’s explore how.

The 3D Knowledge Model: A Dual-Lens View

The DVMS Institute Thriving on the Edge of Chaos publication presents the 3D Knowledge Model as a tool to help organizations understand complexity by organizing learning, decision-making, and action along three axes.

• Z-Axis – Strategic Intent (or Leadership, in the reframed model)
• Y-Axis – Governance and Oversight (or Structure)
• X-Axis – Operational Capability (or Behavior)

From an ITSM perspective, this model might seem abstract—until you realize that ITIL practices are behaviors on the X-axis, guided by structures like change control boards or service portfolios on the Y-axis, and ideally aligned with strategic business goals on the Z-axis.

From the DVMS perspective, the 3D model is the core concept of digital value management. It doesn’t just illustrate how capabilities exist—it helps leaders evaluate whether those capabilities align with the organization’s declared goals and emerging circumstances.

These two perspectives—tactical capability management (ITSM) and strategic value orchestration (DVMS)—set the stage for developing genuine resilience.

Why Resilience Requires Both Lenses

ITSM alone cannot create resilience. It can only manage what’s known.

DVMS alone cannot execute resilience. It provides the logic but needs operational reach.

Resilience resides in integration—when governance becomes adaptive, assurance is continuous, and value creation stays sustainable despite disruptions. Think of it this way:

• The DVMS makes sure the system is targeting the correct outcomes.
• ITSM guarantees the system functions properly to achieve those outcomes.

Both perspectives utilize the 3D Knowledge Model to maintain coherence across leadership, structure, and behavior.

GRA as an Emergent Property of the 3D Model

In Thriving on the Edge of Chaos, GRA is framed as a continuous capability, not a point-in-time certification or audit outcome. It emerges from the congruence between what leadership values (Z), what structure supports (Y), and what teams actually do (X).

Let’s break this down:

1. Governance (Y-Axis)

Traditional governance relies on predictability. But in complex environments, prescriptive governance can become fragile. What’s needed is adaptive governance—flexible, context-aware decision-making that adapts through feedback.

The 3D model guides governance to:

• Be anchored in strategic outcomes (Z-axis), not just compliance
• Enable operational teams, not constrain them
• Embed real-time visibility and system learning

In ITSM terms, this involves shifting from strict change control to flexible, risk-based change enablement. Governance transforms into a facilitator of flow, not an obstacle.

2. Resilience (System Outcome)

Resilience is often mistaken for robustness or redundancy. However, in DVMS terms, resilience refers to the organizational ability to adapt without losing its capacity to Create, Protect, and Deliver (CPD) digital business value.

The 3D Knowledge Model helps leaders ask:

• Are behaviors aligned with the strategic narrative?
• Are structures reinforcing or resisting necessary change?
• Is leadership creating clarity or confusion?

Where misalignment occurs, resilience diminishes. Where the system adapts coherently, resilience is amplified.

In ITSM language, this means:

• Continual improvement isn’t a side effort—it’s the nervous system
• Incident and problem management feed upward into policy
• Capacity management evolves into adaptive capability management

3. Assurance (Y & Z-Axis)

In legacy systems, assurance mainly looks back: audit trails, compliance evidence, and security checklists.

In GRA, assurance is proactive. It answers the question: Can we trust this system to behave as intended under stress?

The 3D model enables assurance to be:

• Context-aware (not checklist-driven)
• Strategically anchored (not silo-optimized)
• Behaviorally confirmed (via evidence of congruence)

ITSM contributes here with service reporting, continual improvement, risk registers, and metrics. DVMS extends this by showing whether those indicators are actually meaningful at the organizational level.

Bringing It Together: The System Is the Behavior

One of the key ideas from Thriving on the Edge of Chaos is that the system is always consistent—it either coherently creates value or coherently generates risk. There is no neutral state.

This is where the power of the dual-lens 3D model comes alive.

If ITSM practices are misaligned with the leadership narrative, the system will operate as designed but not as intended.

If governance policies reward control over adaptation, the system will become fragile, even if metrics look green.

If behavior contradicts declared values, culture is exposed as cosmetic.

The 3D model makes these gaps visible. It doesn’t judge—it reveals.

Case in Point: A Resilience Failure in Waiting

Let’s take a hypothetical (but common) example.

A manufacturing company has partially adopted an ITSM framework. Its service catalog, change processes, and compliance audits make it “mature” from an ITSM perspective.

But from the DVMS view, we find:

• Strategic priorities are unclear or conflicting (Z-axis)
• Governance is siloed and overly risk-averse (Y-axis)
• Teams bypass process to meet delivery targets (X-axis)

What appears to be mature is actually brittle. The system is coherently misaligned.

Now, imagine applying the dual-lens 3D model:

• Leadership redefines outcomes around resilience, not uptime
• Governance aligns metrics to adaptability and flow
• ITSM practices evolve to reinforce cross-functional learning

The system begins to shift. Assurance becomes visible. Risk becomes actionable. Resilience becomes real.

Making It Practical: Three Steps to Apply the Dual Model

Here’s how leaders and ITSM practitioners can begin applying this thinking:

Step 1: Map Capabilities to the MVC (Minimum Viable Capabilities)

• Use the DVMS method to evaluate whether your organization meets the minimum requirements needed to Create, Protect, and Deliver value under changing conditions.
• Crosswalk these with ITIL practices to find overlaps, gaps, and blind spots.

Step 2: Use the 3D Model to Assess Congruence

• Ask: Is our governance (structure) helping or hindering our intent?
• Ask: Do our behaviors reflect our declared values?
• Map misalignments across Z, Y, and X axes.

Step 3: Reframe GRA as a System, Not a Function

• Design GRA behaviors across all three axes—not just policies or audits
• Empower leaders to become stewards of coherence, not just compliance
• Evolve ITSM from service delivery to value resilience

Final Thought: Resilience Is Not a Project—It’s a Pattern

The next disruption is approaching. It could be cyber, climate, supply chain, or regulatory. You won’t have time to build resilience in the moment. You’ll only have what your system already knows how to do.

Using the 3D Knowledge Model—through both the DVMS approach and ITSM disciplines—establishes the conditions for resilience to develop as a system pattern, not a department, not a dashboard, but a living behavior system.

That behavior is your best assurance.

That alignment is your best governance.

That coherence is your real culture.

And that, ultimately, is how you thrive on the edge of chaos.

About the Author

Dave is the Executive Director of the DVMS Institute.

Dave spent his “formative years” on US Navy submarines. There, he learned complex systems, functioning in high-performance teams, and what it takes to be an exceptional leader. He took those skills into civilian life and built a successful career leading high-performance teams in software development and information service delivery.

In today’s digitally driven economy, cyber disruptions are no longer an “if” but a “when.”

The DVMS Institute’s Certified Training Programs teach organizations the skills to build a Holistic and Culture-Aligned Overlay System capable of coordinating Adaptive, Cyber Operations Governance, Resilience, and Assurance across a Complex Digital Ecosystem.

Achieving true cyber resilience across a complex digital ecosystem requires seamless alignment between organizational Strategy, Governance, and Operations, underpinned by a culture dedicated to sustaining and continuously innovating organizational digital value.

The DVMS positions cyber resilience as a strategic, enterprise-wide capability powered by the Institute’s CPD, Z-X, and 3D Knowledge models.

This systems-based approach to cyber operational resilience demands active engagement from all members of the Digital Ecosystem, with each member playing a distinct role in proactively identifying and mitigating the systemic risks that threaten digital business operations.

This adaptive, forward-looking approach to Governance, Resilience, and Assurance (GRA) positions businesses to:

• Maintain Operational Stability Amidst Constant Digital Disruption
• Drive Agility and Trust Across Your Digital Ecosystem
• Satisfy Critical Regulatory and Certification Requirements
• Leverage Cyber Resilience as a Competitive Advantage

DVMS Explainer Videos

• Architecture Video: David Moskowitz explains the DVMS System
• Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
• Overlay Model – What is an Overlay Model
• ZX Model – The MVC’s that power operational resilience
• CPD Model – Adaptable governance and assurance
• 3D Knowledge Model – Enabling holistic organizational learning
• FastTrack Model – A phased approach to cyber resilience

Digital Value Management System® is a registered trademark of the DVMS Institute LLC.

® DVMS Institute 2025 All Rights Reserved