The third international conference on Information Security Practice and - perience (ISPEC 2007) was held in Hong Kong, China, May 7 – 9, 2007. The conference was organized and sponsored by City University of Hong Kong. As applications of information security technologies become pervasive, - sues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a con?uence of new information security technologies, their applications and their integration with IT systems in various vertical s- tors. In 2005 and 2006,the ?rst and second conferences were held successfully in Singapore and Hangzhou, China, respectively. The conference proceedings were published by Springer in the Lecture Notes in Computer Science series. The Program Committee received 135 submissions, and accepted 24 papers for presentation. The ?nal versions of the accepted papers, which the authors ?nalized on the basis of comments from the reviewers, are included in the p- ceedings.The entire reviewing process tooknine weeks,eachpaper was carefully evaluated by at least three members from the ProgramCommittee. The indiv- ual reviewing phase was followed by a Web-based discussion. Papers over which the reviewers signi?cantly disagreed were further reviewed by external experts. Based on the comments and scores given by reviewers, the ?nal decisions on acceptance were made. We appreciate the hard work of the members of the P- gram Committee and external referees, who gave many hours of their valuable time.