Jason Wicker of IBM has posted a comprehensive set of security concepts and considerations for IBM WebSphere Portal. While much of this information exists in various forms throughout the v6.1 and v7.0 InfoCenters and Redbooks, Jason captures it all in one place.
I’d recommend that Portal customers and consultants use that article as a security-related checklist to help ensure all of those items are at least discussed.
The title of Jason’s article states that the information is for Portal administrators. I agree that it’s important for Portal admins to know about these topics, but I think it’s even more important for the Portal Architect to be familiar with them and know when to recommend each for implementation.