What term best describes a document detailing the process to follow during a ransomware attack?

The term that best describes a document detailing the process to follow during a ransomware attack is "playbook." A playbook outlines specific actions, roles, and responsibilities that individuals or teams should follow in response to particular scenarios, such as a ransomware incident. It is designed for operational use and typically includes step-by-step instructions, best practices, and communication plans to effectively manage and mitigate the impact of the attack.

While procedures might focus on specific tasks within the broader context, they are usually more detailed and less strategic than a playbook. A policy would generally define the organizational stance or rules regarding cybersecurity but would not provide the tactical instructions needed during an incident. A strategy often encompasses broader plans or goals for managing security and may not detail immediate response actions as thoroughly as a playbook does. Therefore, the playbook is the most appropriate term for a document designed specifically for responding to a ransomware attack.