ABSTRACT
This study sets to investigate the Application of Cryptography for Information Security in Umaru Musa Yar'adua University, Katsina. Four research questions were formulated and two hypotheses tested at α 0.05. The research questions, among others, sought to find out what types of databases are available and accessible in Umaru Musa Yar'adua University, Katsina? What types of security threats are databases in Umaru Musa Yar'adua University, Katsina exposed to? Survey research design was used for this study. The population of the study comprised all staff of the Directorate of Information and Communication Technology in Umaru Musa Yar'adua University, Katsina. Due to the fact that the population is not too large, all the 21 staff were used as sample for this study. Hence no sampling technique was applied. Questionnaire and observation were the instruments used to collect data for this study. The data collected were presented and analysed using frequency distribution tables, and percentages. While null hypothesis one was tested using PPMC and null hypothesis two was tested using Chi-Square. The study found among others that personnel records database, financial records database, transcript records database, and student academic records database were the types of databases available with the highest frequencies of 100.0% response scores respectively in UMYUK. It was also revealed that data tempering, password-related threats, worms, intrusion by unauthorized users, clicking unnecessary links and privilege abuse were the security threats exposed to the databases with the highest frequencies of over 60% response scores respectively in the University. On the hypotheses tested, it was found that there is no significant relationship between database accessibility and the types of security threats they are exposed to in Umaru Musa Yar'adua University, Katsina. Application of cryptography has no significant effect on the prevention of security breaches of databases in the University studied. This study recommended that the University should adopt strategic information records database for keeping records of valuable assets, day-to-day operations, and executive decision-making and intellectual rights in efforts to prevent theft of institutions' secrets and confidential documents. Lastly, Information security risk assessment and management should be made an integral component of DICT policy document. This would go a long way in preventing and minimizing the threat level of data by intruders and other malicious attacks in the University's databases. This is a prerequisite for the University to successfully survive and compete in the 21st Century.