Dynamic Multilayer Information System Cartography for Cybersecurity, Compliance and Industrial Governance - The CARTOGRAPHIT Framework
摘要
Enterprises and public administrations rely on complex, distributed information systems (IS) that integrate heterogeneous technologies and infrastructures. Managing these systems requires accurate cartography and robust modelling to ensure alignment with business objectives, regulatory compliance, and resilience to cybersecurity threats. Cartography -dynamically eliciting app, tools, components- serves as a decision-support tool that builds stakeholder trust and acceptance through transparency and explainability, enabling stakeholders to visualize processes, data flows, and system dependencies. As such, cartography is becoming a cornerstone for cybersecurity, regulatory compliance, and enterprise governance. This paper presents CARTOGRAPHIT, a framework bridging academic research and industrial deployment through the CyberCampus ANR INRIA PTCC program( https://ptcc.fr/ ). Our multilayer data model separates business, application, data, and infrastructure concerns, offering clarity and adaptability. We implement 6 layers, at various levels of granularity (ecosystem, business, application, container, logical, physical) enabling an intelligent auto-discovery engine. CARTOGRAPHIT combines contributions in trust, traceability, and (meta)data modelling with compliance requirements (ANSSI, GDPR, ISO 27001, NIS2).