Investigations, Intelligence & Risk Mitigation

Given the focus of the T&S Curriculum, this chapter provides an overview of investigation and intelligence processes as scoped to the field of trust and safety, primarily in the internet and technology space and including policies, product development and usage, Community Guidelines, and Terms of Service.

While investigations and intelligence processes can mitigate many risks, this chapter does not focus on regulatory risk. Regulatory risk is the potential for negative impact on a company and its users imposed by governments, and can assume the form of financial costs (e.g., lawsuits and fines), content and operating limitations (e.g., additional laws and regulations), and administrative costs (e.g., reporting mechanisms to regulators). These topics are addressed in the Legal and Regulatory Considerations chapter.

This chapter also does not focus on cyber threat intelligence functions typically situated within the cybersecurity domain (for example, network traffic analysis, firewall logs, intrusion detection, cyber-attacks on company/internal infrastructure and its employees, and/or technical vulnerabilities in a product). Rather this chapter focuses on investigations and intelligence regarding user behaviors and user engagements.

In this chapter, we cover the following:

  • Investigations and intelligence teams and roles
  • The investigations and intelligence lifecycle
  • Metrics used by investigations and intelligence teams
  • Opportunities and challenges