Can security be applied at the project level?