What term describes the organizational approach followed by threat actors to launch their attack?

Procedures describe the step-by-step actions threat actors follow to carry out an attack. In security discussions, we use the TTPs framework—tactics, techniques, and procedures—where tactics are the attacker’s broad goals, techniques are the specific methods used, and procedures are the concrete, repeatable steps or playbooks that implement those techniques in a campaign. Describing how an attack is organized, including the sequence of actions, tools used, and the workflow from initial access onward, fits best with procedures. Techniques and tactics refer to methods and objectives, while TTPs is the umbrella term that includes all three but doesn’t single out the operational workflow.