Guidance on the investigation of known or suspected breaches of the above mentioned policies
What the attacker has done with those computers and accounts so far, if this can be determined
What the attacker could do with those computers and accounts in the future if they are unchecked