How does the ISC² definition of a cyber security incident differ from the NIST definition?
Both describe an unwanted/unexpected event affecting security, but ISC² stresses harm (or likely harm) to business operations, while NIST stresses violation of confidentiality, integrity or availability.
The ISC² definition: a cyber security incident is an unwanted or unexpected event (or series of events) that either harms business operations or has a high probability of doing so. NIST: an event that actually or potentially jeopardises the confidentiality, integrity or availability (the "CIA triad") of an information system or its data, or that violates security policies or acceptable-use rules. The practical difference is emphasis — ISC² is business-impact-centric, NIST is CIA/policy-centric.