Information security is crucial for businesses to manage risks and support operations. The enterprise information security policy guides security activities and sets goals and requirements. It needs to align with other business policies to meet evolving objectives. The paper suggests a framework to improve this alignment and offers a management approach to enhance security policy consistency with business strategies.