Enterprises and public administrations rely on complex, distributed information systems (IS) that integrate heterogeneous technologies and infrastructures. Managing these systems requires accurate cartography and robust modelling to ensure alignment with business objectives, regulatory compliance, and resilience to cybersecurity threats. Cartography -dynamically eliciting app, tools, components- serves as a decision-support tool that builds stakeholder trust and acceptance through transparency and explainability, enabling stakeholders to visualize processes, data flows, and system dependencies. As such, cartography is becoming a cornerstone for cybersecurity, regulatory compliance, and enterprise governance. This paper presents CARTOGRAPHIT, a framework bridging academic research and industrial deployment through the CyberCampus ANR INRIA PTCC program( https://ptcc.fr/ ). Our multilayer data model separates business, application, data, and infrastructure concerns, offering clarity and adaptability. We implement 6 layers, at various levels of granularity (ecosystem, business, application, container, logical, physical) enabling an intelligent auto-discovery engine. CARTOGRAPHIT combines contributions in trust, traceability, and (meta)data modelling with compliance requirements (ANSSI, GDPR, ISO 27001, NIS2).

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Dynamic Multilayer Information System Cartography for Cybersecurity, Compliance and Industrial Governance - The CARTOGRAPHIT Framework

  • Florence Sèdes,
  • Brice Chellet

摘要

Enterprises and public administrations rely on complex, distributed information systems (IS) that integrate heterogeneous technologies and infrastructures. Managing these systems requires accurate cartography and robust modelling to ensure alignment with business objectives, regulatory compliance, and resilience to cybersecurity threats. Cartography -dynamically eliciting app, tools, components- serves as a decision-support tool that builds stakeholder trust and acceptance through transparency and explainability, enabling stakeholders to visualize processes, data flows, and system dependencies. As such, cartography is becoming a cornerstone for cybersecurity, regulatory compliance, and enterprise governance. This paper presents CARTOGRAPHIT, a framework bridging academic research and industrial deployment through the CyberCampus ANR INRIA PTCC program( https://ptcc.fr/ ). Our multilayer data model separates business, application, data, and infrastructure concerns, offering clarity and adaptability. We implement 6 layers, at various levels of granularity (ecosystem, business, application, container, logical, physical) enabling an intelligent auto-discovery engine. CARTOGRAPHIT combines contributions in trust, traceability, and (meta)data modelling with compliance requirements (ANSSI, GDPR, ISO 27001, NIS2).