Free Self-Assessment Tool

Free IT Security Risk Self-Assessment | Evaluate Your Cybersecurity Posture

Take the first step toward a more secure organization. PTG's guided self-assessment helps you identify vulnerabilities, understand your risk exposure, and build a clear path to stronger cybersecurity — all at no cost and with no obligation. Serving businesses across Raleigh, Durham, RTP, and the greater Triangle, NC region for over 22 years.

The Problem

Most Businesses Don't Know Their True Risk Level

Dangerous Blind Spots

Many small and mid-sized businesses operating across Raleigh, Durham, and the Research Triangle Park area have never conducted a formal security risk assessment. They rely on antivirus software, a firewall they set up years ago, and the assumption that cybercriminals only target large enterprises. This creates dangerous blind spots: outdated access controls, unpatched systems, misconfigured cloud environments, and employees who have never received security awareness training. These gaps stay invisible until an attacker exploits them, and by then the damage is already done. Data exfiltration, ransomware encryption, and regulatory fines can cost hundreds of thousands of dollars and permanently erode customer trust.

A False Sense of Security

Having some security measures in place can create its own danger: complacency. Organizations believe their perimeter defenses are sufficient when in reality their attack surface has expanded dramatically through remote work policies, cloud adoption, mobile devices, and third-party integrations. Without a structured, methodical evaluation of every layer of your security posture, you cannot know where your real exposures lie. A self-assessment is the critical first step in transforming your cybersecurity approach from reactive guesswork into informed, strategic risk management that protects your business, your clients, and your reputation.

Our Solution

PTG's Guided Security Risk Self-Assessment

A structured, expert-designed evaluation that gives you immediate visibility into your organization's security strengths and weaknesses.

1. Self-Guided Evaluation

Our self-assessment tool walks you through a comprehensive series of questions covering every critical domain of IT security. Designed by PTG's certified security experts who have protected over 2,500 companies across the Triangle over the past 22 years, each question is carefully crafted to surface real vulnerabilities — not just check boxes. You do not need deep technical expertise to complete the assessment. The questions are written in plain language with contextual guidance that explains why each area matters and what good security looks like in practice. The entire evaluation can be completed in approximately 30 to 45 minutes, and you can save your progress and return at any time. At the end, you receive an instant preliminary score across six key security domains.

2. Instant Risk Scoring

Once you complete the self-assessment, our system generates a detailed risk profile that breaks down your security posture across network security, access controls, data protection, compliance readiness, incident preparedness, and cloud security. Each domain receives an individual score along with a composite overall risk rating. The scoring methodology is based on the same NIST and CIS frameworks that PTG uses in our professional security risk assessments. You will see exactly where your organization excels, where gaps exist, and which vulnerabilities pose the most immediate threat to your operations. The report prioritizes findings by severity so you know precisely where to focus your remediation efforts first.

3. Expert Follow-Up

Your self-assessment results are a starting point, not an endpoint. Every completed assessment qualifies for a complimentary one-on-one review session with a PTG security analyst. During this session, our expert will walk through your results, validate findings against real-world threat intelligence, and provide additional context that only hands-on experience can offer. We will identify areas where a deeper technical evaluation — such as a full IT security risk assessment or network security audit — may be warranted, and we will outline a prioritized remediation roadmap tailored to your budget and timeline. There is absolutely no obligation and no high-pressure sales pitch. Our goal is to help you understand your risk and give you actionable next steps.

What We Evaluate

Six Critical Security Domains Covered

Our self-assessment evaluates every major pillar of your cybersecurity posture to deliver a complete risk picture.

Network Security Check

Your network is the backbone of your organization and a primary target for attackers seeking unauthorized access. This domain evaluates your firewall configurations, intrusion detection and prevention systems, network segmentation practices, VPN implementations, and wireless security protocols. We assess whether your perimeter and internal defenses are current, properly configured, and capable of detecting modern threats, including lateral movement between internal systems, command-and-control traffic, and data exfiltration attempts. The assessment also examines your network monitoring capabilities to determine whether you have sufficient visibility into traffic patterns and anomalous behavior that could indicate a compromise in progress.

Access Control Review

Improper access controls are among the most common root causes of security breaches. This domain examines your identity and access management practices including password policies, multi-factor authentication deployment, role-based access controls, privileged account management, and account lifecycle procedures. We evaluate whether the principle of least privilege is consistently applied across your systems and whether former employees, contractors, and vendors have had their access properly revoked. The assessment also covers physical access controls, remote access policies, and how effectively your organization manages access across cloud platforms, SaaS applications, and on-premises infrastructure simultaneously.

Data Protection Audit

Data is your most valuable asset and the ultimate target of most cyberattacks. This domain evaluates how your organization classifies, stores, transmits, and disposes of sensitive information. We assess your encryption practices for data at rest and data in transit, your backup and disaster recovery procedures, data loss prevention controls, and your ability to maintain data integrity during a security incident. The assessment examines whether you have a current data inventory that identifies where sensitive information resides across your environment — including shadow IT and unsanctioned cloud storage — and whether appropriate safeguards are in place for each data classification level.

Compliance Gap Analysis

Regulatory compliance is not optional, and the penalties for non-compliance continue to increase. This domain assesses your organization's readiness against the specific compliance frameworks applicable to your industry, whether that is HIPAA for healthcare, CMMC and NIST SP 800-171 for federal contractors, PCI DSS for organizations handling payment card data, or SOC 2 for technology service providers. We evaluate your documentation practices, policy management procedures, audit trail capabilities, and evidence collection processes. The assessment identifies specific gaps between your current state and compliance requirements, giving you a clear roadmap to achieve and maintain full regulatory compliance with the support of PTG's security and compliance services.

Incident Readiness Score

When a security incident occurs, and for most organizations it is a matter of when, not if, your response speed and effectiveness determine whether the event is a minor disruption or a catastrophic breach. This domain evaluates whether your organization has a documented and tested incident response plan, whether your team knows their specific roles and responsibilities during an incident, and whether your communication procedures cover internal stakeholders, customers, regulators, and law enforcement. We assess your forensic capabilities, evidence preservation procedures, and your ability to restore operations from backups within acceptable recovery time objectives. Organizations that score poorly in this domain are the most vulnerable to prolonged outages and escalating damage during a real-world attack.

Cloud Security Evaluation

As businesses across Raleigh, Durham, and RTP continue migrating workloads to cloud platforms, the attack surface expands in ways that traditional perimeter-focused security tools were not designed to address. This domain evaluates your cloud security posture across AWS, Azure, Google Cloud, and Microsoft 365 environments. We assess your identity federation and single sign-on configurations, data residency and sovereignty practices, cloud access security broker deployments, and infrastructure-as-code security practices. The assessment examines whether your cloud configurations follow the CIS Benchmarks, whether logging and monitoring are enabled across all cloud services, and whether your cloud governance framework scales appropriately as your organization adopts new cloud capabilities and services.

Proven Track Record

Numbers That Speak for Themselves

22+
Years of Security Expertise
2,500+
Companies Protected
0
Security Breaches Among Clients Following Our Security Program
500+
Assessments Completed

Ready to see what PTG can do for your business? Schedule a free consultation and join the businesses across the Triangle that trust us with their technology.

Call 919-348-4912.

Industry Applications

Tailored for Your Industry's Unique Risk Profile

Our self-assessment adapts its focus based on the regulatory and threat landscape specific to your sector across the Raleigh, Durham, and Research Triangle Park region.

Healthcare & Medical

Healthcare organizations face some of the most stringent regulatory requirements in any industry. Our self-assessment includes HIPAA-specific questions that evaluate your administrative, physical, and technical safeguards for protected health information. We examine your electronic health record security practices, business associate agreement management, breach notification readiness, and patient data encryption standards. Healthcare practices across the Triangle trust PTG to help them understand their HIPAA compliance posture before regulators come knocking.

Federal Contractors

With Research Triangle Park's significant federal contracting community, CMMC and NIST SP 800-171 compliance is critical for winning and retaining government contracts. Our self-assessment evaluates your Controlled Unclassified Information handling practices, System Security Plan documentation, Plan of Action and Milestones readiness, and alignment with the 110 security requirements in NIST SP 800-171 Rev. 2. Whether you are preparing for a CMMC Level 2 certification or need to validate your existing compliance posture, this assessment gives you a clear baseline.

Financial Services

Banks, credit unions, investment advisors, and financial technology companies must maintain rigorous security controls to satisfy PCI DSS, SOX, GLBA, and state banking regulations. Our self-assessment examines your payment card data handling procedures, transaction monitoring capabilities, customer data protection practices, and audit trail integrity. Financial institutions in the Raleigh-Durham metro area rely on PTG to ensure their security posture meets the exacting standards that regulators and clients demand.

Legal Firms

Law firms are custodians of extremely sensitive client information, making them high-value targets for sophisticated threat actors. Our self-assessment evaluates your attorney-client privilege protections, e-discovery readiness, document management security, and compliance with state bar association cybersecurity requirements. We examine your email encryption practices, secure file sharing methods, and access controls for confidential case materials. Legal practices across Durham and Raleigh partner with PTG to safeguard the trust that is foundational to the attorney-client relationship.

Why PTG

Why Petronella Technology Group for Your Self-Assessment

  • Completely Free Initial Assessment

    Our self-assessment tool is provided at absolutely no cost. There are no hidden fees, no credit card requirements, and no surprise invoices. PTG believes that every business deserves to understand its security posture, which is why we have invested in building a world-class self-assessment tool that delivers genuine value before you ever spend a dollar. We have helped hundreds of organizations across Raleigh, Durham, Chapel Hill, and the broader Triangle region take the critical first step toward stronger cybersecurity simply by making this resource freely available.

  • Zero-Obligation Expert Analysis

    Every completed self-assessment includes a complimentary consultation with a PTG security analyst. This is not a sales call disguised as a consultation — it is a genuine review of your results conducted by a certified professional who will answer your questions, explain the implications of your findings, and offer candid advice. You are under no obligation to engage PTG for any paid services. Many organizations use the self-assessment and consultation as their sole engagement with us, and we are happy to have helped them improve their security awareness.

  • Actionable Remediation Roadmap

    Unlike generic security checklists that leave you with more questions than answers, PTG's self-assessment delivers a prioritized remediation roadmap. Each identified gap is accompanied by specific, practical recommendations ranked by severity and implementation effort. You receive a clear sequence of actions — what to fix first, what can wait, and what requires professional assistance — so your team can begin improving your security posture immediately. The roadmap is designed to be actionable regardless of whether you work with PTG or handle remediation independently.

  • Backed by 22+ Years and Zero Breaches Among Clients Following Our Security Program

    The self-assessment methodology is built on the same frameworks and expertise that PTG has used for more than two decades to protect over 2,500 companies, with zero security breaches among clients following our security program. Our team's certifications span CEH, CompTIA Security+, and numerous compliance-specific credentials. When you complete our self-assessment, you benefit from the same depth of knowledge that our enterprise clients rely on daily. That track record is a documented history of security work that businesses across the Triangle NC area trust with their most critical assets.

FAQ

Frequently Asked Questions About the Self-Assessment

What does the security risk self-assessment cover?
The self-assessment covers six critical domains of cybersecurity: network security, access controls, data protection, compliance readiness, incident response preparedness, and cloud security. Each domain includes a series of targeted questions designed to evaluate your current practices against industry best practices and regulatory requirements. The assessment is comprehensive enough to surface real gaps while remaining accessible to non-technical stakeholders; because it is based on your own answers, its accuracy depends on how well the people completing it know your environment.
How long does the self-assessment take to complete?
Most organizations complete the self-assessment in approximately 30 to 45 minutes. The exact duration depends on the complexity of your environment and how many stakeholders you involve in the process. You can save your progress at any time and return to finish the assessment later. We recommend involving your IT administrator or managed service provider for the more technical questions, as their input will improve the accuracy of your results.
What happens after I complete the self-assessment?
Immediately upon completion, you receive an instant risk score across all six security domains along with a preliminary report highlighting your most critical vulnerabilities. Within one business day, a PTG security analyst will reach out to schedule your complimentary follow-up consultation. During that session, we review your results in detail, validate findings, provide additional context, and deliver a prioritized remediation roadmap. You are under no obligation to engage PTG for any further services.
Does the self-assessment cost anything?
No. The security risk self-assessment is completely free, including the follow-up consultation with a PTG security analyst. There are no hidden fees, no credit card required, and no obligation whatsoever. PTG offers this tool as a public service because we believe every business deserves to understand its cybersecurity risk profile. If you decide to pursue a deeper engagement such as a full security risk assessment or managed security services, those are separate paid engagements that we will discuss transparently.
Who should take the self-assessment?
The self-assessment is designed for business owners, IT directors, office managers, compliance officers, and anyone responsible for the security and technology decisions within their organization. You do not need deep technical expertise to complete it — the questions are written in clear, accessible language with contextual explanations. That said, involving your IT team or managed service provider in the process will yield the most accurate results, especially for questions about network configurations and technical security controls.
How should I prepare before starting the self-assessment?
While no special preparation is required, having a few key pieces of information available will help you complete the assessment more accurately. Consider gathering a general understanding of your network architecture, a list of the major software applications and cloud services your organization uses, your current security policies and procedures documentation, any previous audit reports or compliance certifications, and your disaster recovery or business continuity plans. If any of these items do not exist, that is itself a valuable finding that the assessment will capture.
What is the difference between the self-assessment and a full security risk assessment?
The self-assessment is a guided questionnaire that relies on your knowledge of your own environment to produce a preliminary risk profile. A full security risk assessment is a hands-on technical engagement where PTG's certified analysts directly examine your infrastructure, scan for vulnerabilities, test configurations, review policies, and produce a comprehensive report with detailed technical findings. The self-assessment is an excellent starting point that helps you understand the general landscape. The full assessment provides the deep, verified analysis required for compliance audits, board reporting, and comprehensive remediation planning.
Is my data secure during the assessment process?
Yes. PTG treats all assessment data with the same level of security we apply to our managed clients. Your responses are encrypted in transit and at rest, stored on infrastructure covered by a SOC 2 attestation, and accessible only to authorized PTG personnel assigned to your consultation. We do not share, sell, or repurpose your assessment data under any circumstances. Our privacy practices are governed by the same policies that have maintained our security track record for clients on our managed program for over 22 years. You can request deletion of your assessment data at any time.
How often should I retake the self-assessment?
We recommend completing the self-assessment at least once per year, or whenever your organization undergoes a significant change such as migrating to a new cloud platform, expanding to a new office location, adopting a remote work policy, experiencing staff turnover in IT roles, or adding new regulatory requirements to your compliance obligations. Regular reassessment helps you track improvement over time and ensures that new risks introduced by organizational changes are identified promptly. Many of our clients in the Raleigh-Durham area retake the assessment quarterly as part of their ongoing security governance practices.
Can the self-assessment help with compliance requirements?
Yes. The compliance gap analysis domain within the self-assessment is specifically designed to evaluate your readiness against common regulatory frameworks including HIPAA, PCI DSS, CMMC, NIST SP 800-171, and SOC 2. The self-assessment alone does not constitute a formal compliance audit, but it provides a useful preliminary view of where your gaps exist and what remediation steps are necessary. Many organizations use the self-assessment results as a starting point before engaging PTG for a formal IT security risk assessment that produces audit-ready documentation and evidence packages.
Take Action Now

Start Your Free Security Risk Self-Assessment Today

In less than an hour, you will have a clear understanding of your organization's cybersecurity strengths, weaknesses, and the specific steps needed to reduce your risk exposure. No cost, no obligation — just actionable intelligence. Trusted by businesses across Raleigh, Durham, RTP, and the greater Triangle, NC region.

Ready to get started? Call us at 919-348-4912 or contact us online for a free consultation.