nl en

Actors and Behaviour in Cyberspace


Admission requirements

Admission only after intake, see website of the Cyber Security Academy

Elective in master’s programme Cyber Security.


‘Actors and behaviour in cyberspace’ provides insights from behavioural analysis literature focusing on how individuals, corporations, States and algorithms are in action in cyberspace.

The course starts by introducing the students to the rational choice theory in order to use self-interest focused behaviour as a benchmark for rational choices. The students are then introduced to the information asymmetry concept. Actors are usually under the impression that they make informed choices, however this might not be always the case especially in complex domains like cyberspace. For example, when it comes to giving consent to be subject to automated-decision making, the individual is much less informed about the consequences of the relevant consent. When it comes to how corporations act in cyberspace, it is important to identify corporations as profit maximizing entities. This would mean a corporation’s rational choice regarding its behaviour in cyberspace would be influenced by their competitor’s behaviour. To better understand how corporation’s influence each other’s behaviour, the students will be introduced to game theory concepts including simultaneous and sequential games, as well as coordination games. The course will continue by focusing on State behaviour in cyberspace. We will analyse how coordination games can also exist between States and how these games translate into regulating cybersecurity. We will also touch upon how open government strategies could also affect State behaviour. We will use examples from how big data analytics might be abused through State action. In the last course, we will focus on how artificial intelligence and machine learning based algorithms influence the behaviour of individuals, corporations and States.

Course objectives

Participants have:

  • basic knowledge and understanding of the root causes of different forms of cybersecurity risks and incidents and how to categorise those

  • basic knowledge and understanding of the contributions made by the behavioural sciences (with a special focus on sociology, psychology, criminology and economics) in analysing and evaluating the role of (human) behaviour and agency in cybersecurity

  • basic knowledge and understanding of the human factor in cybercrime (profiles of cybercriminals, social engineering), in economic cybercrimes and the economic incentives in/of cybersecurity incidents

  • insight in perceptions of (cyber)security (rational actor theory, securitisation, politicking) and in cybersecurity accidents (awareness, risk perception, knowledge & skills, motivation)

Participants are able to:

  • write a research paper on a topic that fits within one of more of the themes addressed in this course


5 Fridays from 9.30 until 17.00, either in April/May or in June/July, to be scheduled dependant on preferences of participants.

Mode of instruction

Lectures, seminars, exercises, class discussion
Lecturers: dr. Elif Kiesow Cortez

Course Load

4 EC

Assessment method

The grade of this assignment is composed of four elements:

a. problem identification using one of the theories in the course (10%)
b. case analysis or short paper focusing on the selected problem (50%)
c. presentation 1 (10%)
d. presentation 2 (30%)

No compensation is possible for assignments of 30% or more. Only assessments with a weight under 30% are compensable. This means that one does not have to pass an assessment if it weighs less than 30% in order to pass the course, if the average of all assessments combined is at least a 5.5. In addition, assignments with less than 30% are not re-sitable, meaning that if one failed an assessment of less than 30%, one is not allowed to redo it.


Yes, for posting slides of lectures, relevant literature and assignments.

Reading list

Compulsory literature and literature for further consultation will be announced via Blackboard.


No registration is required for lectures and exams.


Drs. Mireille Snels, programme manager


For more information see the website of the Cyber Security Academy