The document discusses how information security professionals can take a more proactive approach. It recommends developing a standard questionnaire to complete as part of the change process to identify security impacts early. This helps integrate security into processes. It also suggests implementing a Privacy and Security Impact Assessment tool to identify and mitigate risks associated with new systems before operationalization. Using these tools can help information security professionals address issues proactively before they become threats, build a culture of security, and provide assurance to executive teams.