Rick Lemieux, co-founder of the DVMS Institute, explains how the DVMS Institute helps businesses use the NIST Cybersecurity Framework.
Could you tell us a little about the DVMS institute and how you are involved?
I co-founded the institute with David Nichols and David Moskowitz. I am the Chief Product Officer and responsible for the product and corporate strategy.
The Institute’s Mission is to enable organizations of any size to become adaptive, cyber-resilient digital businesses.
The Institute’s Vision is to create a body of knowledge, accredited certification training programs, and a community of practice that provides organizations of any size the knowledge, skills, and abilities to implement a cybersecurity risk management program that is fit for use, auditable for purpose, and aligned with global cybersecurity standards and regulations.
The Institute’s body of knowledge publications take stakeholders on a journey into the world where the ever-changing cyber threat landscape intersects with digital business risk. The publications are designed to help organizations understand the relationship between cybersecurity and digital business value and how to leverage that relationship to create an adaptive, cyber-resilient digital business enterprise. The publications provide:
- A way to make all employees aware of the fundamentals of digital business value and risk, its threat landscape, the NIST Cybersecurity Framework, and the role they play in deterring digital risk
- The guidance practitioners and business leaders need to communicate with C-Level executives about the business value a NIST Cybersecurity program brings to existing digital business applications and employee productivity programs
- The guidance cybersecurity and risk management practitioners and auditors need to Assess, Engineer, Implement, and Operationalize a NIST Cybersecurity Framework program across an enterprise and its supply chain
- The guidance Governance, Risk, and Assurance teams need to create a top-to-bottom culture of Creating, Protecting, and Delivering digital business value using the NIST Cybersecurity Framework, existing business systems, and the Institute’s Create, Protect and Deliver (CPD) Model.
The Institute’s accredited certification training programs are designed to accelerate and scale an organization’s cybersecurity, digital business risk, and NIST Cybersecurity Framework competence. It does this by providing upskilling pathways for all employees within an organization. The NIST Cybersecurity Professional Certification training programs teach:
- The fundamentals of digital business value and risk and the role the NIST Cybersecurity Framework plays in helping organizations mitigate their people, process, and technology risk
- The fundamentals of the NIST Cybersecurity Framework (NIST-CSF) and how it creates a new way to communicate with C-Level executives about the business value a NIST-CSF program brings to existing digital business applications and employee productivity programs
- Practitioner guidance on a Fast-Track approach to assessing, engineering, implementing, and operationalizing the NIST Cybersecurity Framework program across an enterprise and its supply chain
- Practitioner guidance on how to leverage the NIST Cybersecurity Framework, the Institute’s DVMS-CPD model, and existing business systems to create a culture-driven, adaptive, cyber-resilient digital business capable of Creating, Protecting, and Delivering digital business value.
The institute’s community of practice enables members to contribute to the DVMS-CPD scheme, share ideas, create events, and expand their professional network.
What is the NIST Cyber Security Framework? And can you tell us more about how it is connected to the DVMS Institute?
The NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices. The framework provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes, in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated into many languages and is used by several governments and a wide range of businesses and organizations.
The DVMS Institute publications, certification training programs, and mentoring community teach organizations how to leverage the NIST Cybersecurity Framework, existing business systems, and the Institute’s DVMS-CPD model to create an Adaptive, Cyber-Resilient digital business capable of Creating, Protecting, and Delivering digital business value.
Where should the NIST Cyber Security Framework fit into an organization’s digital business strategy?
The NIST Cybersecurity Framework should be at the Center of any organization’s digital business risk management strategy and enterprise risk management program.
You mentioned the NIST Cyber Security Professional certification program – how is it different from other training in the marketplace?
The NIST Cybersecurity Professional Program is the industry’s first accredited certification training program that teaches a Fast-Track approach on "HOW" to engineer, operationalize and continually innovate an enterprise-wide cybersecurity risk management program based on the NIST Cybersecurity Framework, existing business systems, and the DVMS-CPD model.
How can businesses benefit from the NIST Cyber Security Professional certification program?
The outcome delivered by the training program is the knowledge, skills, and abilities to create an Adaptive, Cyber-Resilient digital business culture capable of Creating, Protecting, and Delivering digital business value. The outcome delivered by this program also enables organizations to meet or exceed local, Federal, or International cybersecurity regulatory requirements.
Why would you recommend an individual look at this training programme?
The DVMS Institute CPD Model provides the blueprint on how to leverage the NIST Cybersecurity Framework and existing business systems to ensure that internal governance and assurance mechanisms are established not only to align with an organization's strategic risk management policies but also with Local, Federal, and International regulatory requirements.
Based on these new regulations, organizations will need not only to upskill and expand their existing staff (IT, Cybersecurity, and Business Professionals) but also to expand their workforce to support this new organizational capability.
APMG Connect
You can find out more about the training and certification on the NIST Cyber Security Professional product page. You can also watch this episode of APMG Connect to hear more about why the NIST Cybersecurity framework is crucial to a successful cyber strategy.