Any event that attempts to change the security state of the system (e.g., change access controls, change the security level of a user, change a user password). Also, any event that attempts to violate the security policy of the system (e.g., too many logon attempts).
Sources:
NISTIR 5153
under Security Relevant Event
from
DoD 5200.28-STD