This volume contains the 12 papers presented at the WISTP 2009 conference, held in Brussels, Belgium in September 2009. WISTP 2009 was the third int- national workshop devoted to information security theory and practice. WISTP 2009 built on the successful WISTP 2007 and 2008 conferences, held in Heraklion, Crete, Greece and Seville, Spain in May 2007 and May 2008, - spectively. The proceedings of WISTP 2007 and WISTP 2008 were published as volumes 4462 and 5019 of the Lecture Notes in Computer Science series. This workshop received the following support: – Co-sponsored by IFIP WG 11. 2 Small System Security – Co-sponsored by VDE ITG – Technical sponsorship of the IEEE Systems, Man & Cybernetics Society – Supported by the Technical Committee on Systems Safety and Security – Organized in cooperation with the ACM SIGSAC – Supported by ENISA – Supported by the Institute for Systems and Technologies of Information, Control and Communication (INSTICC) These proceedings contain 12 original papers covering a range of theoretical and practical topics in information security. For the purposes of the organi- tion of the WISTP program, the papers were divided into four main categories, namely: – Mobility – Attacks and Secure Implementations – Performance and Security – Cryptography The12papersincludedherewereselectedfromatotalof27submissions. The refereeing process was rigorous,involving at least three (and mostly four or ?ve) independent reports being prepared for each submission.