The human aspects of cyber security are fundamental as these are interlinked with processes and technology in building resilience against an evolving and complex threat landscape. It is vital to teach future cyber security specialists sufficient knowledge about human aspects in order to strengthen the defences and defend against malicious actors. The challenges in the cyber security course and curriculum design in higher education arise from ambiguity of what is meant by 'human aspects' in cyber security and differing demands of a multitude of cyber security job profiles. As a result, choosing what human aspects knowledge and skills to teach and balancing this with technical content is a multiplex problem. We review the existing cyber security curricular guidance on the human aspects and perform a systematic literature review of academic research. The review covers what human aspects content is included in existing cyber security courses and curricula, what are the design philosophies and pedagogical approaches to teaching human aspects and how the effectiveness of the content coverage and pedagogical approaches is evaluated in higher education with cyber security specialisation. The main findings are that although high-level guidance is available, there is no academic agreement and common vocabulary on the human aspects of cyber security. The research covering teaching human aspects is often very high level or focuses on a narrow topic (e.g., social engineering). The published research and sharing knowledge on the pedagogical approaches and evaluation varies in quality and is often published based on the USA's universities' experience. The interdisciplinary approach in cyber security, where human behaviour is a crucial component (i.e., human-centric cyber security), has been discussed for years. However, only when giving enough human aspects focus in the curricula and choosing appropriate pedagogical approaches will academia shape the future of cyber security education to achieve this goal.