How the DVMS Builds a Behavioral Engine that Continuously Converts Risk into Resilience

How the DVMS Builds a Behavioral Engine that Continuously Converts Risk into Resilience

Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute

Introduction: From Control Systems to Behavioral Engines

In a volatile, uncertain, complex, and ambiguous (VUCA) digital world, organizations cannot depend on static frameworks or prescriptive checklists to manage cyber and operational risk. They need behavioral systems—living architectures that continuously sense, adapt, and respond to changing conditions. The Digital Value Management System® (DVMS), developed by the DVMS Institute, provides precisely that: a behavioral engine that transforms how organizations think, decide, and act in the face of uncertainty. Rather than treating risk as a problem to eliminate, the DVMS views it as the raw material from which resilience is continually produced.

This essay explains how the DVMS builds that behavioral engine by linking culture, systems thinking, and adaptive governance into a continuous feedback loop—an engine that converts every encounter with risk into learning, assurance, and improved resilience.

The Foundation: Risk as Strategy, Not Reaction

The behavioral engine begins with a conceptual shift that the DVMS authors call strategy-risk—the recognition that strategy and risk are not separate functions but a single, inseparable entity. In traditional governance, risk management often trails strategy, identifying exposures after plans have been made. The DVMS reverses this sequence, treating risk itself as a source of strategic insight.

By embedding risk into the core of every decision cycle, the DVMS transforms risk from a reactive control activity into a proactive driver of value creation. This integration is operationalized through the Create–Protect–Deliver (CPD) Model, which connects strategy and governance with governance and execution, ensuring that digital business value is not only created but also protected as it is created. Risk analysis thus becomes a behavioral feedback process—a way to learn how the organization’s structures and actions perform under stress, and how they must adapt to sustain value.

In effect, the DVMS replaces a static “risk register” mindset with a learning loop that transforms uncertainty into organizational intelligence.

Systems Thinking: The Engine’s Design Blueprint

The DVMS behavioral engine is built on systems thinking, a discipline that views the organization as a complex adaptive system (CAS)—a network of interdependent structures, processes, and human behaviors that evolve. Systems thinking provides the mechanical blueprint for converting risk into resilience.

In this model, every component—strategy, operations, culture, technology, and leadership—is both a driver and an outcome of systemic behavior. Changes in one area produce ripple effects throughout the entire system. By mapping these interconnections through the DVMS’s Minimum Viable Capabilities (MVCs)—Govern, Assure, Plan, Design, Change, Execute, and Innovate—the organization can visualize how decisions, behaviors, and outcomes interrelate.

Each capability fuels the next in a dynamic feedback loop:

• Govern establishes intent and policy.
• Assure verifies alignment and performance.
• Plan and Design translate policy into systems and behaviors.
• Change and Execute operationalize adaptation.
• Innovate ensures continual improvement.

Together they form a perpetual behavioral cycle—an engine of adaptation—that channels the organization’s experience with risk into improved performance and resilience.

Culture: The Fuel That Powers the Engine

The DVMS recognizes that the ultimate determinant of resilience is not technology or policy, but organizational culture—the collective beliefs, attitudes, and assumptions that shape behavior. Culture determines whether people perceive risk as a fear to avoid or as an opportunity to learn from.

Through the Cultural Web Model (adapted from Johnson & Scholes) and the 3D Knowledge Model, the DVMS translates culture from an abstract concept into a measurable system of behaviors, structures, and mental models. Leaders use these tools to identify the cultural levers—symbols, power structures, rituals, and control systems—that reinforce or inhibit adaptive behavior.

This approach aligns with the NIST Cybersecurity Framework (CSF) 2.0’s Govern Function, which emphasizes leadership’s role in establishing risk management expectations, roles, and accountability across the enterprise. In DVMS terms, governance is not about compliance oversight; it is behavioral modeling from the top down. The board and executives set the tone by how they think about and respond to risk. The more they model inquiry, transparency, and learning, the more those behaviors cascade through the organization.

Culture thus becomes the fuel of the behavioral engine—constantly burning risk experiences into shared learning and improved collective action.

Assurance: The Feedback System That Converts Energy

If culture is the fuel, assurance is the combustion system—the mechanism that takes energy from risk events and converts it into sound output. The DVMS defines assurance as the organizational capability to ensure that “the right things are done the right way, within defined tolerances”.

Traditional assurance functions (such as audit or compliance) tend to assess performance retrospectively. The DVMS behavioral engine, however, embeds assurance directly into real-time operations through dynamic measurement systems, such as Goal–Question–Metric (GQM) and Question-Outcome–Question-Metric (QO–QM). These methods teach teams to ask better questions, define measurable outcomes, and adjust behavior based on continuous evidence.

The result is a feedback-rich system where risk indicators and performance metrics flow constantly into decision loops. Instead of waiting for quarterly reports, leaders and teams can sense misalignments as they emerge, correct behaviors, and document learning. Over time, these iterative adjustments create behavioral resilience—the capacity to anticipate, absorb, and adapt to disruption without losing mission focus.

The CPD Model: Converting Risk into Resilience in Motion

At the operational core of the behavioral engine lies the Create–Protect–Deliver (CPD) Model. It embodies the principle that digital business value cannot exist without concurrent protection; unprotected value is unsustainable value.

The CPD Model creates a continuous flow of value and learning between governance and execution:

• Create: Strategy and design translate stakeholder expectations into value propositions.
• Protect: Assurance mechanisms evaluate risks, controls, and performance in real time.
• Deliver: Operations execute and feed data back into the governance cycle.

As this loop repeats, every exposure, failure, or near miss becomes input data for system improvement. The organization evolves not by avoiding risk, but by metabolizing it.

This dynamic mirrors the NIST CSF 2.0’s cyclical structure, where the Govern Function informs the Identify, Protect, Detect, Respond, and Recover functions—each operating concurrently and continuously. The DVMS overlays these functions with behavioral depth, turning them from technical controls into living interactions between people, processes, and systems.

Learning and Innovation: The Regenerative Cycle

In nature, resilient systems regenerate. The DVMS ensures the same through Innovation—the highest-order capability in its Minimum Viable Capabilities model. Innovation in this context is not limited to new products or technologies; it encompasses new ways of thinking and behaving.

By embedding innovation as a recurring governance function, the DVMS ensures that the organization not only returns to its previous state after a disruption but also emerges stronger. This aligns with the concept of “adaptive” maturity in NIST’s Tier 4 model, where governance, risk management, and operations are continuously improved through feedback and learning.

The DVMS distinguishes four levels of innovation—incremental, sustaining, adaptive, and disruptive—each representing a behavioral response to changing conditions. As the organization progresses through these levels, its behavioral engine becomes increasingly efficient: minor, iterative adaptations lead to larger, systemic transformations.

The Behavioral Cascade: Making Learning “Sticky”

David Moskowitz and David Nichols describe resilience as “learning that sticks.” To make learning durable, the DVMS establishes a cascade of accountability from governance to the frontline. Policies and values established at the top flow through every management layer, connecting strategic foresight with operational insight. Each feedback loop strengthens the next, creating a self-reinforcing cycle of trust, assurance, and performance.

This behavioral cascade is crucial for resilience. When policies, assurance data, and culture are aligned, individuals at every level can make risk-informed decisions autonomously. The organization no longer reacts from command-and-control hierarchies; it behaves like a synchronized system that senses, decides, and acts as one.

Conclusion: The Emergence of the Resilient Enterprise

The DVMS behavioral engine transforms the very nature of organizational response. It turns risk from a threat to be feared into energy to be harnessed. By uniting systems thinking, cultural intelligence, and adaptive assurance within an integrated governance overlay, the DVMS provides a continuous mechanism for converting the friction of uncertainty into the momentum of resilience.

In practical terms, this means:

• Strategy and risk operate as one.
• Governance and assurance function as a living nervous system.
• Culture becomes measurable, trainable, and self-correcting.
• Operations continuously learn and adapt without losing direction.

The result is an organization capable of thriving on the edge of chaos—where disruption is not the end of stability but the beginning of evolution.

Through its behavioral engine, the DVMS teaches enterprises a simple truth: resilience is not the absence of risk, but the mastery of response. Every interaction, incident, and failure becomes data for improvement. Every act of governance becomes a catalyst for learning. And every behavior, when aligned with purpose and feedback, converts the inevitable turbulence of the digital world into sustained, resilient performance.

About the Author

Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute

Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.

Transforming Cyber Risk into Operational Resilience – DVMS Certified Training Solutions

The DVMS Institute’s Certified Training Solutions teach organizations how to transform the NIST Cybersecurity Framework or any other IT Framework or Standard Based System, into a unified, adaptive, and culture-driven Digital Value Management System® (DVMS)

The DVMS offers organizations a structured pathway for integrating Governance Intent, Operational Execution, and Assurance Evidence, enabling them to demonstrate measurable resilience, regulatory alignment, and stakeholder confidence in a rapidly evolving digital landscape.

Through its MVC, CPD, 3D Knowledge, and FastTrack Models, the DVMS operationalizes a Governance Overlay system that unifies strategy, assurance, and operations, a Behavioral Engine that continuously converts risk into resilience, and a Learning System that measures, adapts, and innovates over time.

DVMS White Papers

• The Assurance Mandate: Moving Beyond GRC to Evidence-Based Operational Resilience
• Assurance in Action: Turning Policy into Organizational Capability
• Governance By Assurance: A Systems Approach to Outcome-Based Regulation

DVMS Institute Certified Training Programs

DVMS Cyber Resilience Awareness Training

The DVMS Cyber Resilience Awareness training provides all employees with a comprehensive understanding of the fundamentals of digital business, its associated risks, the NISTCSF, and their role in protecting organizational digital value. This investment fosters a culture that is prepared to transform systemic cyber risks into operational resilience.

NISTCSF Foundation Certification Training

The DVMS NISTCSF Foundation certification training course provides ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role as an integrated, adaptive, and culture-driven governance and assurance management system that drives resilient, compliant, and trusted digital outcomes.

DVMS Practitioner Certification Training

The Digital Value Management System® (DVMS) Practitioner certification training course provides ITSM, GRC, Cybersecurity, and Business professionals a detailed understanding of how to transform systemic cyber risk into operational resilience by uniting Fragmented Frameworks and Standards, such as NIST, ITSM, GRC, and ISO, into a holistic, adaptive, and culture-driven Governance, Assurance, and Accountability overlay system that keeps your digital business resilient, no matter the disruption.

DVMS Organizational Benefits

The DVMS doesn’t replace existing frameworks—it connects, contextualizes, and amplifies them, transforming compliance requirements into actionable intelligence that drives and ensures sustained digital operations and performance.

By adopting a DVMS, organizations are positioned to:

• Maintain Operational Stability Amidst Constant Digital Disruption
• Deliver Digital Value and Trust Across A Digital Ecosystem
• Satisfy Critical Regulatory and Certification Requirements
• Leverage Cyber Resilience as a Competitive Advantage

For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.

For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.

For the CIO, the DVMS provides a structured way to align technology investments and operations with measurable business outcomes.

For the CRO, the DVMS provides a way to embed risk and resilience directly into operational processes, turning risk management into a driver of performance and adaptability.

For the CISO, the DVMS provides a continuous assurance mechanism that demonstrates cyber resilience and digital trust across the enterprise and its supply chain.

For Internal and External Auditors, the DVMS provides verifiable proof that the enterprise can maintain operational continuity under stress.

DVMS Explainer Videos

• Architecture Video: David Moskowitz explains the DVMS System
• Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
• Overlay Model – What is an Overlay Model
• MVC ZX Model – Powers the CPD
• CPD Model – Powers  DVMS Operations
• 3D Knowledge Model – Powers the DVMS Culture
• FastTrack Model – Enables A Phased DVMS Adoption

Digital Value Management System® is a registered trademark of the DVMS Institute LLC.

® DVMS Institute 2025 All Rights Reserved