Risk management is one of the main management processes of security information since it aims to identify, analyze, evaluate and control risks that are due to security information. To utilize usersâ experiences in this process, the utilization of collaborative tasks allows one to exploit argumentative interactions between project participants that are involved in the development of risk management debates regarding security information. The goal of this paper is to propose an argumentation-based collaborative approach to deal with such risk management of security information. The approach aims to guarantee that activities defined in a security risk management process are executed accordingly. In it, a set of rules is proposed to ensure that the final security risk management debate is complete and consistent with the arguments presented by participants of a security software project. This communication protocol is tailored to a process of security risk management that was particularly defined from the ISO / IEC 27005. The protocol allows users to structure and control risk discussions developed by debate participants using a web-based tool called RD System. Through this system, a case study was developed to validate the approach proposed in this work.