This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2017, and the First International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, held in Oslo, Norway, in September 2017, in conjunction with the 22nd European Symposium on Research in Computer Security, ESORICS 2017.The CyberICPS Workshop received 32 submissions from which 10 full and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 5 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling.