Welcome to the Third International Conference on Information Security and Ass- ance (ISA 2009). ISA 2009 was the most comprehensive conference focused on the various aspects of advances in information security and assurance. The concept of security and assurance is emerging rapidly as an exciting new paradigm to provide reliable and safe life services. Our conference provides a chance for academic and industry professionals to discuss recent progress in the area of communication and networking including modeling, simulation and novel applications associated with the utilization and acceptance of computing devices and systems. ISA 2009 was a succ- sor of the First International Workshop on Information Assurance in Networks (IAN 2007, Jeju-island, Korea, December, 2007), and the Second International Conference on Information Security and Assurance (ISA 2008, Busan, Korea, April 2008). The goal of this conference is to bring together researchers from academia and industry as well as practitioners to share ideas, problems and solutions relating to the multifaceted aspects of information technology. ISA 2009 contained research papers submitted by researchers from all over the world. In order to guarantee high-quality proceedings, we put extensive effort into reviewing the papers. All submissions were peer reviewed by at least three Program Committee members as well as external reviewers. As the quality of the submissions was quite high, it was extremely difficult to select the papers for oral presentation and publication in the proceedings of the conference.

Information Assurance and Its Application.- Designing Low-Cost Cryptographic Hardware for Wired- or Wireless Point-to-Point Connections.- A Security Metrics Development Method for Software Intensive Systems.- The ISDF Framework: Integrating Security Patterns and Best Practices.- Security Protocol and Its Application.- Client Hardware-Token Based Single Sign-On over Several Servers without Trusted Online Third Party Server.- Concurrency and Time in Role-Based Access Control.- Performance Assessment Method for a Forged Fingerprint Detection Algorithm.- An Efficient Password Authenticated Key Exchange Protocol with Bilinear Parings.- A New Analytical Model and Protocol for Mobile Ad-Hoc Networks Based on Time Varying Behavior of Nodes.- Context-Based E-Health System Access Control Mechanism.- Analysis of a Mathematical Model for Worm Virus Propagation.- Other Security Research.- A Contents Encryption Mechanism Using Reused Key in IPTV.- High Capacity Method for Real-Time Audio Data Hiding Using the FFT Transform.- Experiment Research of Automatic Deception Model Based on Autonomic Computing.- Improving the Quality of Protection of Web Application Firewalls by a Simplified Taxonomy of Web Attacks.- Reconsidering Data Logging in Light of Digital Forensics.- Blurriness in Live Forensics: An Introduction.