1. Introduction

The daily lives of individuals are profoundly influenced by digital information and telecommunications technologies, which also play a pivotal role in driving sustained economic development, social well-being, resilience of critical infrastructure, and national security (AlDaajeh et al., 2022). Consequently, safeguarding national cyber sovereignty and preventing malicious cyber behaviors have become imperative policies for nations. Cybersecurity has garnered significant attention due to the rapid advancement of information technology and the escalating number of network threats globally. According to research conducted by Symantec (2015), digitally native millennials who exhibit overconfidence often fall prey to cybercrime. As online platforms increasingly become targets for cybercriminals, higher education institutions are witnessing a notable surge in cyberattacks (Risk Based Security, 2020). Universities serve as breeding grounds for future professionals; however, current cybersecurity education programs face two major challenges: a shortage of skilled professionals and inconsistent course content that does not align with international standards. This further underscores the urgency and importance of incorporating cybersecurity education into higher education.

According to the latest report released by the China Internet Network Information Center in 2021, China has emerged as the world's leading digital society with nearly one billion internet users recorded as of December 2020. The ongoing COVID-19 pandemic has significantly accelerated China's digital transformation, permeating every aspect of society including individuals, businesses, and government entities (Wu et al., 2020). As a result, there is now a substantial demand for specialized professionals in network security due to its rapid advancement. Education is crucial in enhancing internet literacy among all users (Ricci et al., 2019). However, higher education institutions are currently encountering challenges in cultivating proficient cybersecurity professionals who can effectively address this escalating demand. Consequently, a conspicuous dearth of experts in this domain is evident. Moreover, disparities in standards and practices of cybersecurity education across diverse countries and regions have substantial implications on global employment prospects for students while concurrently impeding international collaboration efforts on cybersecurity.

The objective of this study is to conduct a comprehensive analysis of the current state of cybersecurity education in universities, identify and rectify any existing deficiencies, and establish a holistic framework for improvement. By comparing courses and teaching methods in higher education institutions and aligning them with industry requirements, we propose various practical solutions. Our primary focus lies in enhancing the university cybersecurity education system, expanding the pool of skilled professionals, and ensuring that course content meets global standards. These endeavors will positively impact the quality of cybersecurity education in universities by meeting the growing demands of the industry and fostering international collaboration. Furthermore, this study emphasizes the significance of student engagement and participation as crucial factors for effective learning in cybersecurity education. Ultimately, our findings and recommendations serve as an essential guide for educators, policymakers, and academic institutions aiming to cultivate a strong and dynamic workforce capable of addressing evolving challenges in the digital realm.

2. Research Objective

The objective of this study is to conduct a comprehensive analysis of the status and challenges faced by network security education for college students in China while proposing targeted strategies and directions for improvement. By examining and evaluating the practices and approaches employed by various higher education institutions worldwide in cybersecurity education, particular attention is given to the discrepancies and lack of uniformity observed in curriculum design about structure, content, teaching methods, as well as alignment with industry requirements.

3. Research Questions

Berki et al. (2017) conducted a comprehensive survey to examine the knowledge, attitudes, and usage behaviors of college and university students regarding cloud service security in Greece, Finland, Nepal, the United Kingdom, and China. Chen and Zahedi (2016) conducted a comparative study to investigate the perceptions and coping strategies of American and Chinese college students toward cybersecurity threats, as well as their friends and families' approaches to dealing with such threats. Building upon previous research by Zwilling et al. (2020), a survey was undertaken to assess cybersecurity knowledge, awareness, and behavior among students from Turkey, Israel, Poland, and Slovenia. These studies highlight the influence of factors like educational policies, resource allocation constraints, and limitations in teacher professional development on discrepancies between cybersecurity curriculum design and international best practices. Additionally emphasized is the issue of outdated technologies or theories in educational content that impede students' ability to effectively address contemporary cybersecurity challenges. University education in cybersecurity plays a pivotal role in addressing emerging areas such as quantum computing applications in cybersecurity alongside evolving threats posed by artificial intelligence. AlDaajeh et al.'s (2022) work emphasizes that effective cybersecurity education is crucial for fostering resilient societies and organizations capable of successfully combating cyber threats.

In the realm of higher education, there is a paucity of empirical research with large sample sizes available on cybersecurity risks (Ulven & Wangen, 2021). This study aims to scrutinize the deficiencies in current university cybersecurity education in meeting industry demands for proficient professionals. Primarily, there exists a dearth of highly skilled experts capable of effectively managing deployed systems and an urgent requirement for individuals possessing expertise in designing secure systems, writing secure code, and developing strategies to prevent, detect, mitigate, and recover from malicious network activities (AlDaajeh et al., 2022). This investigation assesses the efficacy of curriculum frameworks, teaching methodologies, initiatives promoting active student engagement, and collaborations with industry partners.

4. Literature Review

4.1 The Dearth of Proficient Experts

The research conducted by Olmstead and Smith (2017) revealed that individuals with higher levels of education and younger ages exhibit a greater aptitude for accurately answering Internet-related cybersecurity questions. This finding underscores the significance of professional education in fostering cybersecurity awareness. However, despite the proliferation of cybersecurity courses and majors offered by higher education institutions, there remains a shortage of professionals in this field compared to the rapidly expanding industry demand. It is noteworthy that deficiencies persist in providing essential technical and theoretical knowledge required to address emerging threats, underscoring the urgent need for cultivating skilled professionals. Hakak et al. (2020) emphasized the immediate necessity for cybersecurity experts and effective programs and measures to enhance cybersecurity awareness. Collectively, these studies underscore the prioritization of critical issues such as improving the quality of cybersecurity education and enhancing talent training.

4.2 The International Standards Exhibit Inconsistencies

The lack of global standardization in cybersecurity education has resulted in significant disparities in the quality of courses and certification standards, thereby impacting students' competitiveness on a global scale and posing challenges to international collaboration and talent mobility within the field. A recent study conducted by AlDaajeh et al. (2022) sheds light on how different countries are addressing this issue: The United States focuses on establishing educational standards and fostering industry-university collaboration through the NICE program, while the United Kingdom strengthens its cybersecurity framework with the BSC initiative. The European Union prioritizes enhancing trust and knowledge sharing related to technology products, Canada integrates practical work experience into learning, Russia emphasizes human capital development and international cooperation, China defines cyberspace sovereignty and enhances cyber governance, Australia reinforces critical infrastructure protection through a joint cyber security center, ASEAN drives digital transformation efforts, UAE develops a national cyber security strategy, and Switzerland concentrates on building robust cybersecurity capabilities. These measures reflect each country's unique priorities and strategies in cybersecurity education, offering diverse solutions and perspectives for advancing global cybersecurity education.

4.3 The Content and Structure

In a comprehensive investigation of the awareness of information security (ISA) conducted by Sun (2018), a survey was distributed to 655 college students from seven universities located in Dalian, China. The findings indicate that graduating students exhibit significantly lower scores in terms of their comprehension and prevention of cybersecurity risks, as well as their ability to respond effectively compared to their peers in other academic years. Sun speculates that this disparity may be attributed to the diminished attention given by students to ISAs due to their demanding schedules involving thesis writing, internships, and job applications during their final year. Additionally, the expanded social network of graduating students exposes them to more frequent encounters with scams and risky behaviors. These observations align with safetyrelated studies carried out by Huang et al. (2014) in China which also discovered that senior students are more susceptible to engaging in hazardous behaviors leading to an increase in safety incidents. Furthermore, existing research emphasizes the inadequacy of many cybersecurity courses when it comes to timely updates reflecting industry trends and technological advancements, as well as the lack of practical application within course content resulting in an inability to meet industry demands for applied learning.

4.4 Enhancing Pedagogical Approaches and Implementing Innovative Enhancements

As the world's second-largest economy, China exhibits a significantly high GDP on a global scale (International Monetary Fund, 2021). This is also evident in its educational development level, as indicated by an education index of 0.58 according to the latest data from the United Nations Development Programme (2020). The China Statistical Yearbook 2020 reveals that approximately 14.58% of the population has pursued higher education (National Bureau of Statistics of China, 2021), while more than half of high school students enroll in colleges and universities (Ministry of Education of the People's Republic of China, 2020). Simultaneously, there is an increasing prevalence of sophisticated attack methods and cybersecurity breaches (Herjavec, 2019). Given this circumstance, it becomes imperative to implement effective educational strategies and continuously enhance cybersecurity education for Chinese college students. There is an urgent requirement to revamp cybersecurity courses' structure and content to align with industry demands and international standards. To optimize student engagement and improve learning outcomes effectively, it is advisable to employ diverse and interactive teaching approaches that can better address field challenges while equipping students with practical skills and knowledge. Hong et al. (2023) employed the HAIS-Q instrument to investigate network security in China, revealing that social influence plays a significant role in shaping attitudes and influencing knowledge and behavior.

4.5 The Comparison of Course Design

In the realm of cybersecurity education, certain courses place a strong emphasis on technical skills, while others encompass a broader range of knowledge including law and ethics. Disparities exist in the frequency with which curriculum content is updated to reflect emerging technologies and industry trends, with some institutions demonstrating proactive approaches while others lag. Core and elective courses cater to students' individual interests and career planning through electives. Core courses primarily focus on fundamental concepts and skills in cybersecurity, whereas electives may offer specialized expertise or explore emerging areas. Additionally, efforts are made to strike a balance between theory and practice; certain courses prioritize practical skills such as laboratory activities and project-based learning, while introductory-level courses lay the foundation for establishing a strong theoretical understanding. Furthermore, there are variations in international standards; some programs consider global accreditation standards and industry collaboration significant, while others prioritize local or regional needs.

4.6 The Conventional Theoretical Research Framework And Model

The systematic comprehension and evaluation of the efficacy of cybersecurity curriculum design heavily depend on the adoption of a specific theoretical framework or model. Among various frameworks, the knowledge-attitude-behavior (KAB) model is widely employed to elucidate network security awareness and behavior (Zwilling et al., 2020). The research conducted by Hong et al. (2023) has provided empirical evidence for the pivotal influence of social environment and educational level in shaping cybersecurity attitudes and behaviors. Overall, employing the KAB model to explicate cybersecurity awareness and behavior provides researchers and educators with a potent tool to gain profound insights into the impact of cybersecurity education while considering the educational level and societal impact, thereby enabling a comprehensive assessment of the effectiveness of cybersecurity curriculum design while offering valuable perspectives for enhancing educational strategies.

4.7 A Framework for Cybersecurity Education

The framework encompasses a wide array of crucial domains, encompassing governance and global collaboration. Emphasis has been placed on the significance of risk management through the utilization of methodologies for evaluating cybersecurity risks, formulating security policies and protocols, as well as delivering training to effectively respond to incidents and handle crises. To foster innovation and research in cybersecurity, cultivate education on law and ethics, encourage active engagement in international discussions of cybersecurity among students, enhance their professional competencies, and broaden their global outlook. In addition to these endeavors, it is imperative to establish robust partnerships between governments, private sector entities, academia, and civil society to effectively tackle the challenges posed by cyber threats. Collaboration across diverse sectors can facilitate the exchange of information regarding emerging cyber risks and vulnerabilities, while simultaneously promoting best practices in cybersecurity. Moreover, investment in cutting-edge technologies such as artificial intelligence (AI) and machine learning can significantly enhance our ability to promptly detect and respond to cyber-attacks. These advanced technologies possess the capability to analyze vast amounts of data in real time, enabling the identification of patterns indicative of malicious activities or potential breaches. By integrating AI-powered solutions with human expertise, we can fortify our defense mechanisms against evolving cyber threats. Additionally, fostering a culture of continuous learning is imperative for individuals operating within the realm of cybersecurity. Regular training programs should be implemented not only for technical skills but also for cultivating critical thinking abilities that empower professionals to proactively anticipate future threats. Furthermore, promoting ethical considerations within the industry will ensure responsible conduct when handling sensitive data or conducting investigations.

4.8 Actively Participate in Initiatives

In the context of the current rapid advancements in information technology, network security has emerged as an indispensable and pivotal field. For a technologically advanced and economically influential nation like China, it is imperative to foster professionals equipped with cutting-edge expertise in cybersecurity. While developing high-quality course content remains crucial, ensuring students' sustained engagement holds equal significance. By employing highly interactive teaching methodologies, we can not only enhance students' interest and motivation for learning but also effectively augment their practical operational capabilities and problem-solving acumen. Through hands-on curriculum design encompassing simulation experiments, project-based learning, and industry internships, students can gain a deeper understanding of acquired knowledge while proficiently addressing forthcoming cybersecurity challenges proactively. Consequently, higher education institutions must adopt proactive measures to encourage and facilitate profound student engagement to cultivate cybersecurity experts who can excel on the global stage.

This proposal presents a comprehensive range of measures to actively engage Chinese university students in network security education, aiming to enhance awareness about the significance of cybersecurity education among academia and the public, with government support. The strategy aims to increase appeal by providing students with practical experience through activities such as hackathons and defense drills. To foster student interest and participation in cybersecurity, various methods are employed including online courses, flipped classrooms, case studies, and virtual simulation labs. Regular updates to course content ensure alignment with the latest technology and industry trends while collaboration with international accreditation bodies facilitates widespread recognition of this educational program. Moreover, it integrates career guidance, industry partnerships, internship opportunities, specialized scholarships, and grant programs to incentivize students' engagement in the field of cybersecurity both financially and experientially.

5. Finding

This study reveals significant disparities in the content and instructional approaches of contemporary cybersecurity education across diverse higher education institutions. Despite the growing emphasis on experiential learning, many courses still prioritize theoretical knowledge over practical application. This imbalance can impede graduates' ability to effectively tackle real-world cybersecurity challenges.

6. Limitation and Future Direction

This study primarily focuses on conducting a comprehensive review of existing literature and practices in cybersecurity education for college students, encompassing various perspectives. It is important to acknowledge that due to the vastness of the field, it may not be feasible to cover all relevant studies comprehensively. In future research, cybersecurity education should strive to adapt to the rapidly evolving technological landscape by emphasizing practical learning approaches with a strong focus on real-world application. Furthermore, augmenting problem-solving abilities and practical skills through simulation experiments, case studies, and industry internships would yield significant benefits.