RESOURCES · DOCUMENT HUB

The Library.

Five companion documents, supporting decks, source files, and contribution guides.

Read each document online or download a print-ready PDF. Everything here is released under CC BY 4.0 with code samples under MIT — fork it, ship it, attribute it.

SeriesIR 2.0

Documents5

Version0.1.0 · 2026

LicenseCC BY 4.0

The Series

Read online · Download PDF

Read The Four Pillars

01 The Framework

The Four Pillars.

Governance, Architecture, Technology, Culture — the load-bearing structure of IR 2.0, the Calm Loop that ties them together, and the six first principles that govern every decision.

5 pages Editorial →

PDF

Read Crawl, Walk, Run

02 The Roadmap

Crawl, Walk, Run.

A phased adoption path from insurable to proactive. Each stage names its deliverables, transition points, and the metrics that prove it landed.

5 pages Roadmap →

PDF

Read The Insurability Cheat-Code

03 The Gap Assessment

The Insurability Cheat-Code.

Seven baseline controls, six underwriter-facing evidence areas, and a five-minute self-assessment that helps organize cyber-insurance application conversations.

3 pages Reference →

PDF

Read 30/60/90 Day Plan

04 The Program

30 / 60 / 90 Day Plan.

Week-by-week tasks small enough to finish in an afternoon and load-bearing enough to compound. Three checkpoints. One working IR 2.0 program in a quarter.

4 pages Workbook →

PDF

Read Top 5 Playbook Templates

05 The Playbooks

Top 5 Playbook Templates.

The five highest-impact playbooks — Endpoint Quarantine + Identity Revoke, Phishing Burst, SaaS Consent Kill, Stolen Credential, Data Exfil — each with severity, response steps, immediate actions, and recovery.

5 pages Templates →

PDF

Companion Material

Decks · Source · Site

Open the InfoSec World 2025 deck

Conference Talk · 45 slides · Historical · pre-canon-lock

InfoSec World 2025.

The talk that introduced IR 2.0 — same framework, deck format, with worked examples and audience Q&A appendix. Note: this deck dates from October 2025 and uses pre-v0.1.0 wording for the Calm Loop, Four Pillars, and Six Principles. For canonical definitions see the v0.1.0 framework pages.

PDF · 4.2 MB Open →

Open the GitHub repository

Source · Repository

GitHub repo.

All HTML sources, brand CSS, and templates. Open issues, propose Packs, fork the framework. MIT for code, CC BY 4.0 for prose.

github.com/deretticyberlabs/ir2-framework Open →

Read the Metrics Ladder

Companion · Reference

Metrics Ladder.

Crawl, Walk, Run metrics tiers, from evidence freshness to premium movement tracking. Pulled out of the framework into a dedicated reference.

HTML · 1 page Read →

Read Implementation by Team Size

Companion · Playbook

By Team Size.

Three playbooks — Small (3–10), Medium (10–50), Large (50+) — with timelines, owners, and the Week 1 starter checklist.

HTML · 1 page Read →

Attribution

Cite this work.

If you use IR 2.0 in a paper, talk, runbook, or product, attribution is appreciated. Either of the snippets below works.

Deretti, T. (2026). IR 2.0: A Modular Operating Model for
Resilient, Defensible, Security-by-Default Operations (v0.1.0).
Deretti Cyber Labs. https://deretticyberlabs.com/ir2/ — CC BY 4.0.

<a href="https://deretticyberlabs.com/ir2/">IR 2.0 Framework</a>
by Tiago Deretti / Deretti Cyber Labs is licensed under
<a href="https://creativecommons.org/licenses/by/4.0/">CC BY 4.0</a>.