WWW technology has given rise to the Enterprise Information Portal (EIP). Providing a secure Enterprise Information Portal is one of the essential qualities of service (QoS) for Internet applications. Starting from the security aspects of EIP design, the purposes of this paper are to identify the various risk facets based on the ISO 27001 reference standard and the ISMS process, and to use the AHP model to validate the factors of each risk facet through focus discussions with experts. We then refine and validate the required factors of each risk facet through a questionnaire answered by five experts or scholars who specialize in implementing secure EIP systems. On this basis, we establish an Information Security assessment model for EIP and design its algorithm. Finally, we develop a Metric Tool and perform experiments to verify and validate the risk management of a selected EIP in practice. From the resulting risk values, the risk level can be refined to verify and validate the security of the EIP and to propose related improvement strategies. Based on the experimental results, our proposed assessment model and Metric Tool for EIP Information Security can serve as security measurement guidelines for implementing a secure Web application.