Phase 5: Recover

Purpose

The Recover phase ensures the organization can restore operations after a security incident. It covers recovery procedures, backup validation, business continuity planning, and continuous resilience improvement.

Skills

Recovery Plan

/security:recovery-plan <topic>

Creates detailed recovery plans for critical systems. Covers recovery time objectives (RTO), recovery point objectives (RPO), restoration procedures, and validation checklists.

Output: Recovery plan with RTO/RPO targets and procedures → .metapowers/security/<topic>/05-recover.md

Backup Validation

/security:backup-validation <topic>

Designs backup validation and testing procedures. Covers backup integrity checks, restoration drills, schedule verification, and cross-region recovery testing.

Output: Backup validation plan with testing schedule → .metapowers/security/<topic>/05-recover.md

Business Continuity

/security:business-continuity <topic>

Develops business continuity plans for security scenarios. Covers critical process identification, alternate operating procedures, communication plans, and failover strategies.

Output: Business continuity plan with failover procedures → .metapowers/security/<topic>/05-recover.md

Resilience Improvement

/security:resilience-improvement <topic>

Establishes continuous resilience improvement cycles. Covers chaos engineering practices, game day exercises, resilience metrics, and improvement roadmaps based on incident learnings.

Output: Resilience improvement plan with chaos engineering schedule → .metapowers/security/<topic>/05-recover.md

After Recover

The Security Lifecycle is complete. Use Utility Skills for ongoing security checklists, threat intelligence, and compliance mapping.