of Project Management in Public Administration
FEATURED PAPER
By Luca Paolo Giuseppe Prinzio
Turin, Italy
Abstract
Cybersecurity is today a strategic priority for Public Administration. This article shows how the Project Manager can transform security from a technical obligation into a lever for public value, integrating regulations, methodologies, and organisational culture. With agile approaches, AI, and structured governance, project management becomes a tool for resilience, trust, and sustainable innovation.
Introduction
Information security in Public Administration is not a separate technical compartment, but the backbone of the State’s ability to deliver services, protect rights, and ensure institutional continuity. The cloud, in its various declinations—proprietary or public poles—has made the application lifecycle more efficient but has structurally expanded the attack surface. Today, registries, healthcare systems, taxes, territorial information assets, digital education, and telematic justice live on distributed infrastructures, with complex dependencies between data centers, networks, platforms, and suppliers. In this scenario, the Project Manager is not the custodian of the Gantt chart; they are the director who organises technology, processes, and people to transform cybersecurity from a perceived cost into a generator of public value, translating compliance into governance and adherence into measurable resilience. The starting point is not the list of controls, but the definition of value: which services must remain operational under all conditions, with what service levels, at what cost, and with what recovery priorities. It is here that project management shows its enabling nature: integrating different viewpoints, aligning choices with strategy, and making security sustainable throughout the entire service lifecycle.
The Changing Context
The context has irreversibly changed. The armed conflicts of recent years have opened a second stable front, the digital one, in which state and non-state groups use malware, targeted phishing campaigns, DDoS attacks, sabotage against civilian infrastructures, and influence operations. A “hybrid war” that knows no borders and makes even administrations not directly involved possible collateral targets, vectors of disinformation, or pawns of geopolitical pressure. The European Public Administration cannot read these phenomena as remote risks: the legislator has reacted with the NIS2 Directive, which imposes risk management measures, notification obligations, and supervision rules for a wide range of essential and important entities, including administrations and operators of fundamental services. The effect for the Project Manager is concrete: hardening, migration, or rationalisation projects must include from the outset a design of organisational and technical controls, reporting flows, and effectiveness metrics proportionate to the service risk, as well as a coordination mechanism with national authorities and CSIRTs. (EUR-Lex)
More…
To read entire paper, click here
How to cite this work: Prinzio, L. P. G. (2026). Cybersecurity as the New Frontier of Project Management in Public Administration, PM World Journal, Vol. XV, Issue IV, April. Available online at https://pmworldjournal.com/wp-content/uploads/2026/04/pmwj163-Apr2026-Prinzio-Cybersecurity-as-new-frontier-of-PM-in-public-administration.pdf
About the Author
Luca Paolo Giuseppe Prinzio
Turin, Italy
Luca Paolo Giuseppe Prinzio is a certified Project Manager and Database Administrator at CSI Piemonte in Turin, Italy, where he participates in complex projects on cloud and security. For over twenty years he has worked in the ICT world and carries out teaching and consulting activities in the field of Project Management. He can be contacted at lprinzio@gmail.com and linkedin.com/in/lprinzio
