What is the focus of incident management in relation to security threats?

Incident management primarily focuses on responding to security threats in an effective and organized manner. The key objective is to contain attacks, which involves identifying and isolating threats to minimize their impact on the organization. This containment helps protect sensitive data and ensures that any breaches do not spread to other systems. Additionally, documenting incidents is crucial because it provides valuable information for analysis and future prevention strategies. This documentation can include the nature of the incident, the response efforts, and lessons learned, all of which contribute to improving the organization's security posture and readiness for future incidents.

The other options focus on different aspects of security management. Handling user permissions and roles pertains to access control, which is essential but not the core focus of incident management. Ensuring system upgrades do not affect operations relates more to change management and systems administration, while preventing unauthorized access addresses security measures more generally rather than the specific actions taken during an incident response. Thus, the focus on containment and documentation truly encapsulates the essence of incident management in the context of security threats.