Guidance on the investigation of known or suspected breaches of the above mentioned policies

What the attacker has done with those computers and accounts so far, if this can be determined

What the attacker could do with those computers and accounts in the future if they are unchecked