Leveraging the NIST Cybersecurity Framework - a Q & A with the DVMS Institute

I co-founded the institute with David Nichols and David Moskowitz. I am the Chief Product Officer and responsible for the product and corporate strategy.

The Institute’s Mission is to enable organizations of any size to become adaptive,  cyber-resilient digital businesses.

The Institute’s Vision is to create a body of knowledge, accredited certification training programs, and a community of practice that provides organizations of any size the knowledge, skills, and abilities to implement a cybersecurity risk management program that is fit for use, auditable for purpose, and aligned with global cybersecurity standards and regulations.

The Institute’s body of knowledge publications take stakeholders on a journey into the world where the ever-changing cyber threat landscape intersects with digital business risk. The publications are designed to help organizations understand the relationship between cybersecurity and digital business value and how to leverage that relationship to create an adaptive, cyber-resilient digital business enterprise. The publications provide:

• A way to make all employees aware of the fundamentals of digital business value and risk, its threat landscape, the NIST Cybersecurity Framework, and the role they play in deterring digital risk
• The guidance practitioners and business leaders need to communicate with C-Level executives about the business value a NIST Cybersecurity program brings to existing digital business applications and employee productivity programs
• The guidance cybersecurity and risk management practitioners and auditors need to Assess, Engineer, Implement, and Operationalize a NIST Cybersecurity Framework program across an enterprise and its supply chain
• The guidance Governance, Risk, and Assurance teams need to create a top-to-bottom culture of Creating, Protecting, and Delivering digital business value using the NIST Cybersecurity Framework, existing business systems, and the Institutes Create, Protect and Deliver (CPD) Model.

The Institute’s accredited certification training programs are designed to accelerate and scale an organization’s cybersecurity, digital business risk, and NIST Cybersecurity Framework competence. It does this by providing upskilling pathways for all employees within an organization. The NIST Cybersecurity Professional Certification training programs teach:

• The fundamentals of digital business value and risk and the role the NIST Cybersecurity Framework plays in helping organizations mitigate their people, process, and technology risk
• The fundamentals of the NIST Cybersecurity Framework (NIST-CSF) and how it creates a new way to communicate with C-Level executives about the business value a NIST-CSF program brings to existing digital business applications and employee productivity programs
• Practitioner guidance on a Fast-Track approach to assessing, engineering, implementing, and operationalizing the NIST Cybersecurity Framework program across an enterprise and its supply chain
• Practitioner guidance on how to leverage the NIST Cybersecurity Framework, the Institutes DVMS-CPD model, and existing business systems to create a culture-driven, adaptive, cyber-resilient digital business capable of Creating, Protecting, and Delivering digital business value.

The institute’s community of practice enables members to contribute to the DVMS-CPD scheme, share ideas, create events, and expand their professional network.

The NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices. The framework provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes, in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated into many languages and is used by several governments and a wide range of businesses and organizations. 

The DVMS Institute publications, certification training programs, and mentoring community teach organizations how to leverage the NIST Cybersecurity Framework, existing business systems, and the Institute DVMS-CPD model to create an Adaptive, Cyber-Resilient digital business capable of Creating, Protecting, and Delivering digital business value.

The NIST Cybersecurity Framework should be at the Center of any organization’s digital business risk management strategy and enterprise risk management program.

The NIST Cybersecurity Professional Program is the industry’s first accredited certification training program that teaches a Fast-Track approach on "HOW" to engineer, operationalize and continually innovate an enterprise-wide cybersecurity risk management program based on the NIST Cybersecurity Framework, existing business systems, and the DVMS-CPD model.

The outcome delivered by the training program are the knowledge, skills and abilities to create an Adaptive, Cyber-Resilient digital business culture capable of Creating, Protecting, and Delivering digital business value. The outcome delivered by this program also enables organizations to meet or exceed local, Federal, or International cybersecurity regulatory requirements.

The DVMS Institute CPD Model provides the blueprint on how to leverage the NIST Cybersecurity Framework and existing business systems to ensure that internal governance and assurance mechanisms are established not only to align with an organization's strategic risk management policies but also with Local, Federal, and International regulatory requirements.

Based on these new regulations, organizations will need to upskill and expand their existing staff (IT, Cybersecurity, and Business Professionals) but also expand their workforce to support this new organizational capability.