How would you break down an ambiguous security threat into a mathematically or logically solvable model?