The article discusses how aligning information security policies with corporate risk management can improve overall strategic alignment. By using the same development process for both policies, a stronger relationship can be established. The researchers propose using a conventional corporate risk management framework for security policy development to achieve this alignment. Through a case example, they show how this approach can lead to security policies becoming integral drivers of corporate risk management considerations. The findings suggest that integrating security policy management with corporate risk management can enhance alignment between the two areas.