Security is an elusive target in today's high-speed and extremely complex, web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a web engineering development process. These elements are derived from empirical evidence based on a web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the web engineering specific elements that need to be acknowledged and resolved prior to the assessment of a web engineering process from a security perspective.