User Acceptance of Speech-Enabled Technologies for Configuration of Computer and Network Security

This article was downloaded by: [Northeastern University] On: 04 November 2014, At: 09:21 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Information Privacy and Security Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/uips20 User Acceptance of Speech-Enabled Technologies for Configuration of Computer and Network Security Luse Andy a , Mennecke Brian E. a & Townsend Anthony M. a a Iowa State University - Ames, IA Published online: 10 Sep 2014. To cite this article: Luse Andy, Mennecke Brian E. & Townsend Anthony M. (2010) User Acceptance of Speech-Enabled Technologies for Configuration of Computer and Network Security, Journal of Information Privacy and Security, 6:4, 28-49, DOI: 10.1080/15536548.2010.10855898 To link to this article: http://dx.doi.org/10.1080/15536548.2010.10855898 PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content. This article may be used for research, teaching, and private study purposes. 
Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http://www.tandfonline.com/page/ terms-and-conditions


User Acceptance of Speech-Enabled Technologies for Configuration of Computer and Network Security

Andy Luse, Iowa State University - Ames, IA

Brian E. Mennecke, Iowa State University - Ames, IA

Anthony M. Townsend, Iowa State University - Ames, IA

ABSTRACT

Computer and network security administration has gained vital importance as online banking, corporate documents, and business to business transactions are now all carried out over computational networks. Designing security systems that satisfy the requirements of both network administrators and end-users brings with it the paradox of ease of use and absolute security. This research investigates the acceptance, by users, of speech recognition as a mechanism for alleviating computer and network security configuration. The study finds that, while the perceived usefulness of speech-enabled systems for security configuration leads to greater future intention to use the system, ease-of-use indirectly affects future use. This is a vital finding for developers of speech-enabled security configuration systems.

KEY WORDS

Speech Recognition, Technology Acceptance, Security

INTRODUCTION

"Well, how do you expect me to type, with my nose? Did you see that? The machine typed everything I --- It's typing everything I'm saying! Stop it. --- Stop it ---! STOP IT!" (Roberta Lincoln (Teri Garr) in Star Trek TOS, Assignment Earth)

As this quote from Star Trek illustrates, the concept of machines that are capable of responding to human commands has been a focus of human imagination for some time. In spite of various user interface advances, such as pointing devices and touch screens, the most natural way for humans to communicate is with voice. When involved in stressful or spontaneous activities, one of the first actions that many people take is to vocalize responses (e.g., "Ouch!", "Watch out!", "Get out of the way!"). In this light, it is natural to consider vocalizations as an efficient means of interacting with computers when facing stressful, time constrained, or important tasks.

Computer and network security has gained significant exposure in recent years, due to its importance in our current digital economy. With the proliferation of worms and viruses, as well as nefarious user activity, network security is of paramount importance in the corporate environment. The CSI Computer Crime and Security Survey showed that 25% of respondents reported financial losses of over 60% due to actions by users inside the corporate network. Also, respondents felt that their investment in end-user security training was inadequate (Richardson, 2009). An important reason for these lapses is the fact that security management is a complicated and difficult function. This difficulty stems from multiple sources, but a recurring source of difficulty is the user interface and control activities associated with manipulating the security software systems. Clearly then, the development of better interfaces for managing and manipulating end-user security systems is needed.

Multimodal input has been explored in numerous areas as a means for augmenting traditional keyboard and mouse mechanisms for computer input. Preeminent among the variety of multimodal possibilities, speech recognition technologies offer the promise of more natural computer input mechanisms as well as greater usability of systems by persons with disabilities (De La Paz, 1999; Higgins & Raskind, 2000; Noyes & Frankish, 1992). Systems that use voice recognition can be used to provide a more user-friendly product, which in turn, increases the likelihood of re-use and mastery in the future. Interestingly, given the importance of computer network security and the attractiveness of a multimodal system, there is no published research examining user attitudes toward voice input systems associated with computer security management and configuration.

This research looks at users' reactions to the use of multimodal input for computer and network security configuration. Specifically, it investigates the acceptance of speech recognition for the configuration of user firewall settings. As noted earlier, multiple research studies have examined the acceptance of speech recognition for certain tasks, yet no research has investigated its acceptance for security-related configuration tasks. This gap offers an opportunity to examine a potentially useful system augmentation that has the potential to increase the quality of users' interactions with the security system. The utility of voice recognition in security applications is, at this juncture, uncertain. Differences could exist both between security and traditional applications as well as within security applications based on the difficulty of the task as well as the experience of the user. As opposed to other traditional speech-enabled applications (dictation, navigation, etc.), security-related applications could carry extreme consequences for erroneous input and therefore speech-enabled applications in this area need to be extensively tested prior to deployment. In earlier research, a speech-enabled module was added to the Distributed Security Console (DSC), a software system used to administer user firewall settings in a roaming user-based distributed firewall environment (Luse, Scheibe, & Townsend, 2009). While implementation of the speech recognition module for the DSC system was a small portion of the research agenda, the question that this research raises is whether the speech recognition increased users' acceptance of the technology and subsequent intention to utilize the technology in the future. Our findings show that while overall behavioral intent to utilize a speech-enabled system for administering security settings is not significantly different from traditional input mechanisms alone, the perceived usefulness and perceived ease-of-use of the system significantly contributed to the future intention to use the system both directly and indirectly.

BACKGROUND

Technology Acceptance

Technology acceptance has been utilized extensively as a measure of usability and adoption of technology. The Technology Acceptance Model (TAM) is the leading model for measuring the acceptance of technology by an individual (Davis, 1989). TAM, and its various derivations, have been extensively utilized in research and have consistently explained more than 40% of the variance associated with an individual's intention to use a technology. TAM's origins can be traced to both the Theory of Reasoned Action (TRA) (Ajzen & Fishbein, 1980; Fishbein & Ajzen, 1975) and the Theory of Planned Behavior (TPB) (Ajzen, 1985), which were both used to explain motivation for task performance. The TAM adaptation of this work was intended to be used to examine information systems adoption and technology use by individual decision makers. TAM maintains that perceived usefulness (PU) and perceived ease of use (PEU) for a technology, when considered together, explain the intention (i.e., the behavioral intention, or BI) of the user to accept or reject a new technology for future use (see Figure 1).

Figure 1. Technology Acceptance Model (TAM) utilized for this study.


Various iterations of TAM have been explored in subsequent research. For example, TAM2 added subjective norms as a third exogenous variable in the model (Venkatesh & Davis, 2000). Subsequently, the Unified Theory of Acceptance and Use of Technology next added facilitating conditions as a fourth exogenous variable (Venkatesh, Morris, Davis, & Davis, 2003). Most recently TAM3 has added a number of variables which precede PU and PEU and also moderators for the model (Venkatesh & Bala, 2008). While these later models have attempted to improve TAM, the original TAM model continues to be used as a foundational model of technology adoption by providing strong explanatory power while maintaining the greatest degree of parsimony.

Our research model is shown in Figure 1. In this model, the construct of Actual System Use is represented with lighter shading because this variable is not a focus of this study. While the original TAM model includes this construct, many subsequent studies have focused on behavioral intention alone (Koufaris, 2002; Venkatesh, 2000; Venkatesh & Morris, 2000). Specifically, this research is designed to examine whether users of the target system would be likely to utilize this system again in the future.

Speech Recognition and Technology Acceptance

Technology acceptance of speech recognition technologies has been investigated for many different applications. In the medical arena, research has looked at the acceptance of speech recognition by physicians as a front end to an electronic medical record system (Alapetite, Andersen, & Hertzum, 2009). Also, the acceptance of speech recognition has been explored for use in medical transcription (Green, 2004). Additionally, research has explored the acceptance of voice-enabled web systems for business applications (Chang, 2009; Chang & Heng, 2006; Devlin & Scott, 2001). In addition, the use of voice-enabled systems has been explored as a method to enhance the acceptance of mobile commerce applications (Fan, Saliba, Kendall, & Newmarch, 2005). Finally, military applications of voice-enabled systems have also been studied with regard to user acceptance (Simon & Paper, 2007).

Speech-enabled technologies have shown promising results in applied settings. For example, by utilizing speech-enabled technologies, the user is able to use a natural language, which frees the user to do other tasks with his or her hands (Lai, 2000; Shneiderman, 2000). Speech recognition also holds the possibility for increased data entry, improvements in spelling, and increased access for those who are unable or lack traditional typing skills (Boyce, 2002; Goette, 2000; Leitch & Bain, 2000). Furthermore, other technologies, such as telephones (Charry, Pimentel, & Camargo, 2000; Gaddy, 2000; Goodliffe, 2000; Rolandi, 2000), automobiles, toys, and home electronics and appliances are utilizing speech-enabled technologies (Soule, 2000), which increases user familiarity with speech recognition and implies that users will find such systems easier to learn than traditional systems that do not include speech recognition. Speech-enabled technologies have also proved useful and user intuitive in business applications (Simon & Paper, 2007). Given its many applications, we expect that speech-enabled technology will be perceived to have a higher usefulness for a variety of tasks compared to other manual input technologies. In addition, given that speech-enabled technologies utilize natural language and thereby free the user to do other things, individuals might perceive the technology as providing greater usefulness and ease-of-use as compared to other input mechanisms.

The literature involving technology acceptance of speech-enabled technologies demonstrates that perceived usefulness consistently has a significant impact on behavioral intention. Furthermore, some research does not show a direct path from perceived ease-of-use to behavioral intention to utilize the technology (Shuchib Ernest & Heng, 2006; Simon & Paper, 2007), which implies that there may not be a significant impact of perceived ease-of-use on behavioral intention to use speech-enabled technologies, but instead perceived usefulness will mediate the relationship between perceived ease-of-use and behavioral intent for speech-enabled technologies. This is in contrast with other traditional applications, where perceived usefulness only partially mediates the relationship between perceived ease-of-use and behavioral intention to use the system in the future.

While voice-enabled technologies have been utilized in other areas, little research has been conducted in the area of computer and network security. Most of the research has looked at using voice biometrics as an authentication mechanism in high security environments (Tanveer, 2006). These appear to be the extent of research that has examined the role of voice-enabled technologies in the context of security software use.

DISTRIBUTED SECURITY CONSOLE

The Distributed Security Console (DSC) is an application that was developed to allow network administrators to remotely configure user firewall settings for their respective hosts. This type of application was built as an extension to the work in distributed firewalls (Bellovin, 1999) and, more recently, roaming user-based distributed firewall infrastructures (Luse, et al., 2009). DSC allows administrators within this environment to utilize a GUI interface for ease-of-use with modifying user firewall settings. The interface for each user's firewall settings is modeled after the firewall configuration interface in Windows XP to give the administrator a familiar interface for adjusting firewall security settings. Figure 2 shows a screen capture of the DSC interface for one machine.


Figure 2. DSC interface when configuring a computer's firewall settings.

To better aid in user firewall configuration, an added mechanism for user input was incorporated in DSC. Speech recognition by the system allows the user to utilize voice commands to configure firewall settings. These voice commands can be used to perform any of the same commands which can be performed using traditional mouse and keyboard entry. The speech module was added for the purposes of this research to assess user attitudes toward the use of speech recognition for configuring computer and network security settings, specifically firewall settings.

Given the background research, three separate hypotheses were developed.

H1: Users utilizing speech-recognition in combination with traditional mice and keyboards for firewall configuration will report a greater behavioral intent to use the technology in the future as compared to users who only utilize traditional mice and keyboards.

H2: Perceived usefulness will more significantly influence behavioral intention to utilize a system for firewall configuration in the future for users using speech-recognition in combination with traditional mice and keyboards as compared to users who only utilize traditional mice and keyboards.

H3: Perceived usefulness will mediate the relationship between perceived ease-of-use and behavioral intention to utilize a system for firewall configuration in the future for users using speech-recognition in combination with traditional mice and keyboards.

DATA COLLECTION

Subjects involved in this research were volunteers from two sections of an introductory course in management information systems at a large Midwestern university. Subjects were solicited from this course because the students represented a cross-section of the typical computer user we were targeting. The instructor for the course had previously covered basic computer and network security concepts including the basic ideas behind a firewall. The instructor had not presented any information regarding speech recognition technologies or applications.

The research was broken into four sections consisting of approximately 10 students per session. Four separate sections were utilized during the evening hours of two consecutive weekdays. The same facilitator conducted all four research sessions and was also the instructor for the course from which the sample was taken. All four sections were identical in content and only differed by the order in which this content was delivered to the subjects. No class sessions occurred during the interval during which the studies were completed, so all subjects had been exposed to the same course content at the time of the data collection.

The research utilized a crossover quasi-experimental design for measuring differences between two separate treatments (Heppner, Wampold, & Kivlighan, 2008). The experiment was structured as follows:

Research session 1: X1 O1 X2 O2

Research session 2: X2 O1 X1 O2

Research session 3: X1 O1 X2 O2

Research session 4: X2 O1 X1 O2

The two different treatments (X1 and X2) were assigned in a random order to the subjects in each of the two sections and subsequent observations (O1 and O2) were taken after each treatment. X1 consisted of the subject performing the study utilizing only traditional keyboard and mouse input mechanisms, followed by the subject filling out a questionnaire (O1) about the system (see Appendix A for the questionnaire utilized). Next, the subject would perform the exact same study utilizing speech-enabled technologies in tandem with traditional keyboard and mouse input mechanisms (X2) followed by the subject again filling out the same questionnaire (O2). So while the subjects were allowed to choose which research session they attended, the order of the treatments was randomized across sections. This allowed the researchers to increase power by utilizing the same subjects for both treatment groups, while controlling for history effects by randomizing the order in which the subjects received each treatment (Heppner, et al., 2008).

Each session was conducted using the following procedures. At the beginning of each session, the facilitator took roll call before handing out the materials to each student. Next, the instructor would demonstrate each task that would be required of the student for each of the two manipulations before the student completed the tasks. This was meant to give the student vicarious experience (Bandura, 1986) with the technology before they utilized it for the study as well as demonstrate the necessary speech commands for interacting with the system (commands corresponded to the text on the screen for the various objects, but demonstrating these commands was determined necessary to effectively "train" the subjects). Also, since the interest of the study involved whether or not a subject would utilize a speech-enabled version of this technology in the future, they needed to witness the technology being utilized so they could comment on the behavioral intent to utilize a speech-enabled version after each manipulation. The user was instructed to utilize a headset microphone which had already been attached to their machine. The user would then train the computer, utilizing a set of instructions provided by the facilitator in the packet (see Appendix C). This speech setup phase took approximately five minutes. The instructor would then allow each student to perform each task and fill out his or her questionnaire after completing each task successively, for a total of two tasks followed by two questionnaires respectively. Each questionnaire asked about the user's perception of the usefulness and ease of use of utilizing the technology as well as his or her intention to utilize a speech-enabled version of the technology in the future. 
The research question was not focused on whether subjects would consider using the traditional form of the technology in the future; rather, the focus was on understanding user attitudes toward the speech-enabled version after they had exposure to the technology both with and without speech-enabled commands. Demographic questions were also included as part of the survey following the first task. Appendix A contains the questionnaire utilized during the study. With the exception of the demographic questions, the same questions were utilized following each of the two tasks.

The same tasks were utilized by all research participants in all four sessions (see the task sheet in Appendix B). The user was first asked to open a computer from the console. Next, the user was asked to view the currently logged in user at that computer. The user was then asked to modify the logging settings at each computer before adding and enabling an FTP port in the firewall configuration. Finally, the user would be asked to close the computer on the console after configuring the firewall settings. Following each iteration, the user would be asked to complete the questionnaire (see Appendix A). The only difference between the two iterations was that the user could use speech recognition in tandem with traditional mouse and keyboard entry mechanisms during one of the iterations and only traditional entry mechanisms during the other. Subjects were required to try the speech mechanisms first, but were allowed to revert to traditional input mechanisms if they were unsuccessful after multiple tries utilizing speech. We expect that the attitudes of the few who had to revert to traditional input mechanisms would be reflected in the questionnaire, but we wanted them to be able to complete the task successfully for educational purposes.

RESULTS

In total, 42 subjects participated in the four research sessions. Given the crossover design, this allowed for 84 observations. Seven responses were removed due to incomplete answers, leaving 77 completed responses. The study examined three independent variables and one dependent variable. The dependent measure of behavioral intent consisted of two items and had a high reliability (Cronbach's α = 0.924). This item was designed to measure a user's intention to utilize the technology in the future. The independent variables for the study included the subject's perceived usefulness of the technology (α = 0.959) and the subject's perceived ease-of-use of the technology (α = 0.928). Table 1 provides means and standard deviations for the dependent variable and each of the independent measures. The final independent variable indicated whether the subject utilized the speech-enabled or non speech-enabled version of the software, which consisted of a 1 or 0 respectively.

Table 1. Sample size, mean, and standard deviations for study variables.

| | PU (perceived usefulness) | PEU (perceived ease-of-use) | BI (behavioral intent) |
|---|---|---|---|
| speech not used, n=35: mean (SD) | 2.68 (0.97) | 2.25 (0.82) | 2.59 (1.20) |
| speech used, n=42: mean (SD) | 2.84 (1.37) | 2.40 (1.09) | 2.40 (1.47) |
| number of items | $item | 6-item | 2-item |
| scale (minimum preferred) | Min = 1, Max = 6 | Min = 1, Max = 6 | Min = 1, Max = 6 |
| Cronbach's α | 0.959 | 0.928 | 0.924 |

To test the hypotheses above, TAM was utilized as the combined model. Ordinary least squares (OLS) regression analysis was utilized to examine the overarching model as well as the individual loadings of the three independent variables on behavioral intent. The formula for the test is displayed below, where M3 is the model and SpU is either a 1 or 0 based on whether speech was utilized.


SPSS was used to analyze the data. The results showed that the overall model was significant (F(3,73) = 18.866, p = 0.000) explaining 44% of the variance in subjects' behavioral intent to use the technology in the future. Also the two independent variables of perceived usefulness (t = 3.148, p = 0.002) and perceived ease-of-use (t = 2.434, p = 0.017) were shown to be significant. Conversely, the independent variable of whether or not speech was used was not significant (t = -1.328, p = 0.188). This rejects hypothesis 1 that those who utilize the speech-enabled version of the technology will show a greater behavioral intention to use the technology in the future as opposed to those who utilized the non speech-enabled version. Table 2 shows the results for the overall models.

Table 2. ANOVA Table for overall models. (DV = Behavioral Intent)

| | M3 b (SE) | M3 t-ratio | M3 p | M2 b (SE) | M2 t-ratio | M2 p | M1 b (SE) | M1 t-ratio | M1 p |
|---|---|---|---|---|---|---|---|---|---|
| PEU | 0.429 (0.176) | 2.434 | 0.017 | 0.419 (0.177) | 2.368 | 0.020 | 0.817 (0.129) | 6.321 | 0.000 |
| PU | 0.451 (0.143) | 3.148 | 0.002 | 0.448 (0.144) | 3.113 | 0.003 | | | |
| Speech used | -0.315 (0.237) | -1.328 | 0.188 | | | | | | |
| Intercept | 0.411 (0.340) | 1.208 | 0.231 | 0.270 (0.325) | 0.831 | 0.409 | 0.581 (0.326) | 1.778 | 0.079 |
| SSR (w/df) | 60.481 (3) | | | 58.597 (2) | | | 48.136 (1) | | |
| MSE (w/df) | 1.069 (73) | | | 1.080 (74) | | | 1.205 (75) | | |
| R-squared | 0.437 | | | 0.423 | | | 0.348 | | |

To examine hypotheses two and three, the subjects were divided into two separate groups depending on the type of software they utilized (speech-enabled vs. non speech-enabled), and separate analyses were run. The results show that perceived usefulness is a significant predictor of future intention to use when speech is utilized (t = 2.852, p = 0.007), while it is not significant when speech is NOT utilized (t = 1.208, p = 0.236), supporting hypothesis 2. The Baron and Kenny approach was utilized for mediational analysis (Baron & Kenny, 1986) and found that perceived usefulness fully mediates the relationship between perceived ease-of-use and behavioral intent when speech is utilized (partial F(1,39) = 8.134, p = 0.007), which supports hypothesis 3. The segmented effects for this relationship are as follows:

M1: total effect = $b_1$ = 0.790

M2: direct effect = $b_{1|2}$ = 0.310

indirect effect = total effect - direct effect = 0.790 - 0.310 = 0.480


The results for the two sub-analyses are given in Table 3.

Table 3. ANOVA table for sub-analyses (DV = Behavioral Intent)

Speech NOT Used

Speech Used

DISCUSSION

The purpose of this study was to examine user reaction to a speech recognition enabled system for computer and network security administration. Specifically, the study looked at the user acceptance of utilizing a speech-enabled system for modifying user firewall settings in a roaming, user-based, distributed firewall environment. We hypothesized that (1) individuals utilizing a speech-enabled system would have greater intention to use the system in the future, (2) when utilizing the speech-enabled version, perceived usefulness would have a greater influence on future use behavior in the speech group, and (3) perceived usefulness would mediate the relationship between perceived ease-of-use and future use behavior when utilizing the speech-enabled version. The results support hypotheses two and three, but not hypothesis one.


This study has two important contributions. First, this is one of the first studies to examine an implementation of speech recognition for computer and network security administration. Many applications of speech recognition have been developed to assist users in performing certain tasks, but their use in security has been neglected. Network security administration is a vital piece of a healthy corporate environment. It is interesting to observe that no speech-enabled security technology yet exists on the commercial software market. So, while research exploring user acceptance of speech-enabled technologies in other areas has been performed, this is the first research to examine this mode of input for security technologies. We do acknowledge that perhaps the reason for this dearth of research and application development is the perception that errors would be more likely in a voice recognition system. For example, the consequences of making errors while using security systems could be perceived as being more severe and harder to correct. And while this concern underscores the importance of developing sound controls in voice recognition augmented systems, the fact that users responded positively to this technology is encouraging, although the fact that our subjects lacked significant knowledge about security is a limitation of this research (e.g., subjects may have experienced greater cognitive load because of the novel environment) (Sweller, 1988). Nevertheless, this research represents an important first step in research in this domain and we hope this research spurs additional research and development in this area.

Second, this research demonstrates an interesting relationship among the TAM constructs with regard to adoption of a speech-enabled security administration system by future users. The usefulness of a speech-enabled security administration system significantly affects the future use of such a system, which means that users believe that such a system would be useful for performing administrative duties and would also have a continuing interest in the system in the future. While perceived ease of use of this system is not directly related to behavioral intent to explore the system in the future, it does significantly influence perceived usefulness. This means that perceived ease of use significantly impacts intended future use of the system by affecting perceived usefulness when speech is utilized.

In addition to the construct patterns in the adoption model, the summary statistics show that the average perceived ease-of-use for the speech-enabled version is less than that of the non speech-enabled version (minimums are preferred). Our interpretation of this is that speech-enabled security administration systems need to not only be speech enabled, but also need to be easier to use, thus increasing the direct effect on intention of users to utilize such systems. Additionally, it may be the case that interface and ease of use factors related to the voice interface are not at issue; rather, it is the unconventional mode of interaction that reduces the comparative rating of the voice recognition enabled system. Often, users react negatively to new interfaces when they are accustomed to using another existing interface. Whether the new alternative is easy to use or not, it may not be perceived to benefit the user if the new interface interferes with habitual approaches to accomplishing the task. For example, although tests on the Microsoft Office 2007 interface show that it is more efficient for accomplishing common user tasks, many users rejected the new interface when first released because they were accustomed to the old mode of interaction. Of course, most users should be accustomed to speaking; nevertheless, they are likely not accustomed to doing so when controlling a system interface. Future research should examine the influence of the novelty that voice interfaces have when being used in security scenarios.

LIMITATIONS

While this research offers a useful first look at the issues affecting the use of speech-enabled technologies for network and computer security configuration, there are some limitations to the study. First, while the technology acceptance model is a common framework for guiding research on technology adoption, more elaborate versions of the model are available (Venkatesh & Bala, 2008; Venkatesh & Davis, 2000; Venkatesh, et al., 2003). Second, we did not examine these data using Structural Equation Modeling (SEM). This was done, in part, because we had a smaller sample size and also because this study is exploratory in nature (i.e., this is the first research to examine speech-enabled technologies for network and computer security). Additionally, since we were only examining the relationship between PEU and EOU, a simple regression was appropriate; nevertheless, it should be recognized that we are not testing the complete TAM model. Of course, as noted earlier, many researchers focus on behavioral intentions, which are often indicative of actual use. Given this, the statistical results should be interpreted in light of these limitations. Finally, the research utilizes DSC, a firewall configuration tool for a roaming user-based distributed firewall environment. Future research should explore the use of speech-enabled technologies for other computer and network security configuration technologies as these other technologies may have more/less difficult interfaces and may more/less severely impact security on the network.

CONCLUSIONS AND FUTURE WORK

This research examined the acceptance by users of speech recognition for configuring computer and network security settings. Specifically, the research examines the acceptance of speech recognition for administering user firewall settings in a roaming user-based distributed firewall environment. The research showed that while overall behavioral intent to utilize a speech-enabled system in the future is not significantly different from a system utilizing traditional input mechanisms, the behavioral intention of users to utilize a speech recognition system in tandem with traditional keyboard and mouse input mechanisms showed a significant influence of perceived usefulness. Also, perceived ease-of-use had an indirect effect on future use intention through perceived usefulness in the speech-enabled group. This has important implications for system developers, suggesting that more research should look into making speech-enabled security administration systems easier to use to more directly affect intended future use of such systems.

ACKNOWLEDGEMENT

The authors would like to thank Dr. Alexander Stoytchev for stimulating interest in this topic.

REFERENCES

Ajzen, I. (1985). From intentions to actions: A theory of planned behavior. In J. Kuhl & J. Beckmann (Eds.), Action control: From cognition to behavior. New York: Springer-Verlag.

Ajzen, I., & Fishbein, M. (1980). Understanding attitudes and predicting social behavior. Englewood Cliffs, NJ: Prentice-Hall.

Alapetite, A., Andersen, H. B., & Hertzum, M. (2009). Acceptance of speech recognition by physicians: A survey of expectations, experiences, and social influence. Int. J. Hum.-Comput. Stud., 67(1), 36-49.

Bandura, A. (1986). Social foundations of thought and action: A social cognitive theory. Englewood Cliffs, NJ: Prentice-Hall.

Baron, R. M., & Kenny, D. A. (1986). The moderator-mediator variable distinction in social psychological research: Conceptual, strategic and statistical considerations. Journal of Personality and Social Psychology, 51, 1173-1182.

Bellovin, S. M. (1999). Distributed Firewalls. login, November, 37-39.

Boyce, C. (2002). Speech recognition market grows. Research & Development, 44(17).

Chang, S. E. (2009). Implementation and empirical evaluation of voice-enabled web applications. International Journal of Information Technology Management, 8(2), 178-195.

Chang, S. E., & Heng, M. S. H. (2006). An Empirical Study on Voice-Enabled Web Applications. IEEE Pervasive Computing, 5(3), 76-81.

Charry, M., Pimentel, H., & Camargo, R. (2000). User reactions in continuous speech recognition systems. Paper presented at the AVIOS Proceedings of The Speech Technology & Applications Expo.


Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319-340.

De La Paz, S. (1999). Composing via Dictation and Speech Recognition Systems: Compensatory Technology for Students with Learning Disabilities. Learning Disability Quarterly, 22(3), 173-182.

Devlin, M., & Scott, T. (2001). Using a Speech Technology Agent as an Interface for E-Commerce. Lecture Notes In Computer Science, 2033, 332-346.

Fan, Y., Saliba, A., Kendall, E. A., & Newmarch, J. (2005). Speech interface: an enhancer to the acceptance of m-commerce applications. Paper presented at the Mobile Business, 2005. ICMB 2005. International Conference on.

Fishbein, M., & Ajzen, I. (1975). Belief, attitude, intention, and behavior: An introduction to theory and research. Reading, MA: Addison-Wesley.

Gaddy, L. (2000). The future of speech I/O in mobile phones. Paper presented at the SpeechTEK Proceedings, New York.

Goette, T. (2000). Keys to the adoption and use of voice recognition technology in organizations. Information Technology & People, 13(1), 67-80.

Goodliffe, C. (2000). The telephone and the Internet. Paper presented at the AVIOS Proceedings of the Speech Technology & Applications Expo.

Green, H. D. (2004). Adding User-Friendliness and Ease of Implementation to Continuous Speech Recognition Technology with Speech Macros: Case Studies. Journal of Healthcare Information Management, 18(4), 40-48.

Heppner, P. P., Wampold, B. E., & Kivlighan, D. M. (2008). Research Design in Counseling (3rd ed.). Belmont, CA: Thompson Brooks/Cole.

Higgins, E. L., & Raskind, M. H. (2000). Speaking To Read: The Effects of Continuous vs. Discrete Speech Recognition Systems on the Reading and Spelling of Children with Learning Disabilities. Journal of Special Education Technology, 15(1), 19-30.

Koufaris, M. (2002). Applying the Technology Acceptance Model and Flow Theory to Online Consumer Behavior. Information Systems Research, 13(2), 205-223.

Lai, J. (2000). Conversational interfaces. Communications of the ACM, 43, 24-27.


Leitch, D., & Bain, K. (2000). Improving access for persons with disabilities in higher education using speech recognition technology. Paper presented at the AVIOS Proceedings of The Speech Technology & Applications Expo.

Luse, A., Scheibe, K. P., & Townsend, A. M. (2009). Addressing Internal Security Threats with Roaming User-Based Distributed Firewalls. Journal of Information System Security, 5(2), 26-41.

Noyes, J., & Frankish, C. (1992). Speech recognition technology for individuals with disabilities. Augmentative and Alternative Communication, 8(4), 297-303.

Richardson, R. (2009). CSI Computer Crime and Security Survey. Computer Security Institute, 14, 1-17.

Rolandi, W. (2000). Speech recognition applications and user satisfaction in the imperfect world. Paper presented at the AVIOS Proceedings of the Speech Technology & Applications Expo.

Shneiderman, B. (2000). The limits of speech recognition. Communications of the ACM, 43, 63-65.

Shuchib Ernest, C., & Heng, M. S. H. (2006). An Empirical Study on Voice-Enabled Web Applications. Pervasive Computing, IEEE, 5(3), 76-81.

Simon, S. J., & Paper, D. (2007). User Acceptance of Voice Recognition Technology: An Empirical Extension of the Technology Acceptance Model. Journal of Organizational and End User Computing, 18(4), 24-50.

Soule, E. (2000). Selecting the best embedded speech recognition solution. Paper presented at the SpeechTEK Proceedings, New York.

Sweller, J. (1988). Cognitive load during problem solving: Effects on learning. Cognitive science, 12(2), 257.

Tanveer, S. (2006). Voice Biometrics based User Verification: An Exemplary Tool for Secure Identification. In J. Bhattacharya (Ed.), Technology in Government. New Delhi: Global Institute of Flexible Systems Management.

Venkatesh, V. (2000). Determinants of Perceived Ease of Use: Integrating Control, Intrinsic Motivation, and Emotion into the Technology Acceptance Model. Information Systems Research, 11(4), 342-365.

Venkatesh, V., & Bala, H. (2008). Technology Acceptance Model 3 and a Research Agenda on Interventions. Decision Sciences, 39(2), 273-315.


Venkatesh, V., & Davis, F. D. (2000). A theoretical extension of the technology acceptance model: Four longitudinal field studies. Management Science, 46(2), 186-204.

Venkatesh, V., & Morris, M. G. (2000). Why Don't Men Ever Stop to Ask for Directions? Gender, Social Influence, and their Role in Technology Acceptance and Usage Behavior. MIS Quarterly, 24(1), 115-139.

Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptance of information technology: Toward a unified view. MIS Quarterly, 27(3), 425-478.


APPENDIX A - TAM SURVEY INSTRUMENT

Distributed Security Console Questionnaire

For each of the following 14 questions, please answer in the context of the following scenario. If I were required to use this tool again as a network security admin, then ...

Strongly Agree                Strongly Disagree

1. Using DSC in my job would enable me to accomplish tasks more quickly. 1 2 3 4 5 6

2. Using DSC would improve my job performance. 1 2 3 4 5 6

3. Using DSC in my job would increase my productivity. 1 2 3 4 5 6

4. Using DSC would enhance my effectiveness on the job. 1 2 3 4 5 6

5. Using DSC would make it easier to do my job. 1 2 3 4 5 6

6. I would find DSC useful in my job. 1 2 3 4 5 6

Strongly Agree                Strongly Disagree

7. Learning to operate DSC would be easy for me. 1 2 3 4 5 6

8. I would find it easy to get DSC to do what I want it to do. 1 2 3 4 5 6

9. My interaction with DSC would be clear and understandable. 1 2 3 4 5 6

10. I would find DSC to be flexible to interact with. 1 2 3 4 5 6

11. It would be easy for me to become skillful at using DSC. 1 2 3 4 5 6

12. I would find DSC easy to use. 1 2 3 4 5 6


Strongly Agree                Strongly Disagree

13. I would be likely to choose the speech enabled version coupled with traditional input mechanisms as opposed to the version incorporating only traditional input mechanisms. 1 2 3 4 5 6

14. I would choose to purchase the speech enabled version coupled with traditional input mechanisms as opposed to the version incorporating only traditional input mechanisms if I were charged with making the decision. 1 2 3 4 5 6

Optional

Circle the classification which best describes your computer usage.
network admin
other IT professional
advanced user
competent user
use computers frequently at work
do not use computers

Circle your gender.
female
male

Enter your age.

Circle the classification which best describes your race/ethnic origin.
Hispanic
White
African American
Native American
Asian
Other


APPENDIX B - USER RESEARCH SESSION TASK INSTRUCTION SHEET

Distributed Security Console Task

Distributed Security Console (DSC) is a management tool which aids network administrators in configuring network settings across a network. This implementation allows the user to view and update distributed firewall settings on each computer which is located on the corporate LAN.

In this study you will be asked to complete the same network security administration tasks two different times. One time will involve the traditional click and type method. The other iteration will involve traditional click and type as well as speech enabling capabilities. Remember that during this task you can use BOTH traditional AND speech. The order in which you perform the above two tasks will be determined randomly by the instructor. After each of the 2 sets of tasks you will be asked to fill out the same survey.

First Iteration

1. Open computer 1.
2. View the current user logged into the computer.
3. Change the Logging settings to Log successful packets (check).
4. Add a port named FTP with the port number 21, protocol of TCP and the scope of All.
5. Enable the FTP port just created (select, then check).
6. Close the current computer.

Second Iteration

1. Open computer 2.
2. View the current user logged into the computer.
3. Change the Logging settings to Log successful packets (check).
4. Add a port named FTP with the port number 21, protocol of TCP and the scope of All.
5. Enable the FTP port just created (select, then check).
6. Close the current computer.


APPENDIX C - SPEECH SETUP INSTRUCTION SHEET

Microsoft Windows XP voice command setup

Start - Settings - Control Panel
In the upper left-hand corner click on Switch to Classic View
Double-click the Speech icon
In the Recognition Profiles group click the New button
Enter your name in the box and click Next
Follow the prompts (click Next and read aloud when prompted)
You will click Finish once in the middle and then keep going (by clicking Next)

When reading be sure to speak in your everyday voice. Don't speak too quickly. If the program does not recognize a word, go back to the last highlighted word and keep reading.

Click Finish when you get to the screen that says Thank you for training at the top
Make sure that the profile with your name has been selected in the listbox under Recognition Profiles
Click OK

Andy Luse is a PhD student in Business and Technology specializing in Management of Information Technology at Iowa State University. Andy received his Ph.D. in Human Computer Interaction and Computer Engineering from Iowa State University in 2009. His research interests include computer and network security, visualization for computer and network security, and user interface design and usability. He is a member of the Association for Computing Machinery, the Institute of Electrical and Electronics Engineers, and the Association for Information Systems.

Brian E. Mennecke is an Associate Professor of Management Information Systems at Iowa State University. His research interests include collaboration and collaborative systems, social networks and crowd sourcing, the use of virtual worlds for collaboration and teaching, mobile and electronic commerce, spatial technologies and location-intelligence systems, and data visualization and support systems. He has previously published a book on mobile commerce and articles in academic and practitioner journals such as Management Information Systems Quarterly, the International Journal of Human-Computer Studies, the Journal of Animal Science, the Journal of Management Information Systems, Organizational Behavior and Human Decision Processing, and Small Group Research.


Anthony M. Townsend, Ph.D. is an Associate Professor of MIS at Iowa State University. He received his MS and Ph.D. from Virginia Polytechnic Institute and State University and conducts research in collaborative systems and virtual teams. He has published in MIS Quarterly, Information Systems Research, the Communications of the ACM, along with a number of other venues. He is currently conducting research in collaborative systems designed to enhance a variety of organizational processes, including security.
