IR-OS
Home · Resources

Incident Response Resource Library

36 authoritative guides, templates, and frameworks — from NIST 800-61 to tabletop scenarios to regulatory deadlines. Every piece written to be used, not filed.

Foundations

Start here if you're building or reviewing an IR program.

What is Incident Response?

Definition, lifecycle, phases, and key roles.

What is CIRM?

Cyber Incident Response Management category explained.

Incident Response Plan Template

Build a plan aligned to NIST 800-61 or ISO 27035.

IR Team Roles

Commander, Legal, Comms, Tech Lead, and more.

Incident Command System (Cyber)

Apply ICS to cyber incidents — roles and chain of command.

CISO's Guide to IR

Strategy, board reporting, and metrics for security leaders.

Frameworks & Standards

NIST, ISO, and the major standards every IR program should map to.

NIST 800-61 Framework

The 4-phase IR lifecycle: Prepare, Detect, Respond, Recover.

NIST Cybersecurity Framework (CSF 2.0)

How CSF 2.0's six functions tie into IR.

ISO 27035 Incident Management

International standard for IR — complete implementation guide.

IR Statistics & Benchmarks

Time to detect, time to contain, cost of delay.

IR Metrics That Matter

MTTD, MTTC, MTTR, and board-level metrics.

Defensible Incident Record

Hash-chained ledgers and FRE 901-admissible evidence.

Compliance & Regulatory

Every major breach notification deadline, templates, and regulator requirements.

Breach Notification Requirements

Complete US state, federal, and international deadlines.

GDPR 72-Hour Notification Template

Article 33 ready-to-send template.

HIPAA Breach Notification Guide

The 60-day rule explained with edge cases.

Cybersecurity Compliance Guide

Overview of major frameworks and regulations.

Security Audit Guide

Audit types, process, and preparation.

Incident Types

Deep-dive response guides for the incident types you're most likely to see.

What is a Data Breach?

Causes, costs, and response guide.

What is a Security Breach?

Types, examples, and response steps.

Ransomware Response Checklist

First 24 hours of a ransomware incident.

Ransomware Recovery

Step-by-step restoration and hardening.

Ransomware Response Plan

Build a ready-to-execute ransomware playbook.

Ransomware Protection

Prevention, detection, and response prep.

Insider Threat Response

Malicious, negligent, and compromised insiders.

Exercises & Readiness

Tabletop scenarios, drills, and after-action templates.

Cyber Tabletop Exercise Scenarios

10 ready-to-run scenarios for executive teams.

Cyber Drill Guide

Planning, execution, and lessons learned.

After-Action Review Guide

Run AARs that actually drive change.

Operations & Platforms

Software, retainers, DFIR, and insurance — the operational side of IR.

Incident Response Software

Evaluation criteria and platform comparison.

Incident Management Platform

What to look for in 2026.

IR Retainer Guide

When and how to engage an IR retainer firm.

DFIR Guide

Digital forensics and incident response integration.

Cyber Insurance + IR

Carrier-first reporting, panel vendors, coverage.

AI in Incident Response

How AI augments (not replaces) IR teams.

Vulnerability Assessment

Identify and prioritize security gaps.

Business Continuity

How IR connects to disaster recovery, business continuity, and enterprise risk.

Business Continuity & IR

Integrating BCP with incident response.

Disaster Recovery & IR

Differences, overlap, and integration.

Want a plan without reading 36 guides?

IR-OS generates a full, regulator-mapped incident response plan in 15 minutes. No blank page, no 6-week consulting project.

Start Your 10-Day Free Trial →