"Want to discuss the ISO 27X definition of a security incident...how can do that? But about the ISO definition of a "information security incident"...in day to day operation, it can be very difficult to distinguish between a "normal" incident and a information security incident. I cannot see, how the ISO definition can help...it seems - at first - a bit vague... Taking at face value, You can start classify ALL incident as security incident... But the definition in accord to 27000 is: "An information security incident is made up of one or more unwanted or unexpected information security events that could possibly compromise the security of information and weaken or impair business operations."
The main difference between a normal incident and an information security incident is that the second is related to information security and can affect the confidentiality, integrity and availability of information, so for example, a virus can be an information security incident (because for example information can be disclosed), and a norm al incident can be that the printer is failing (it is not related to the information security).
Many companies define in their information security incident management procedure, what is an information security incident (virus, access problem to information, etc.). So, this can be a good recommendation for you.