diff --git a/lib/draper/security.rb b/lib/draper/security.rb
index 8a39d81..fe39b34 100644
--- a/lib/draper/security.rb
+++ b/lib/draper/security.rb
@@ -1,44 +1,48 @@
 module Draper
   class Security
     def initialize
-      @allowed = []
-      @denied = []
+      @methods = []
     end
 
     def denies(*methods)
-      raise ArgumentError, "Specify at least one method to blacklist when using denies" if methods.empty?
-      self.strategy = :denies
-      @denied += methods.map(&:to_sym)
+      apply_strategy :denies
+      add_methods methods
     end
 
     def denies_all
-      self.strategy = :denies_all
+      apply_strategy :denies_all
     end
 
     def allows(*methods)
-      raise ArgumentError, "Specify at least one method to whitelist when using allows" if methods.empty?
-      self.strategy = :allows
-      @allowed += methods.map(&:to_sym)
+      apply_strategy :allows
+      add_methods methods
     end
 
     def allow?(method)
       case strategy
       when :allows
-        allowed.include?(method)
-      when :denies, nil
-        !denied.include?(method)
+        methods.include?(method)
+      when :denies
+        !methods.include?(method)
       when :denies_all
         false
+      when nil
+        true
       end
     end
 
     private
 
-    attr_reader :allowed, :denied, :strategy
+    attr_reader :methods, :strategy
 
-    def strategy=(strategy)
-      @strategy ||= strategy
-      raise ArgumentError, "Use only one of 'allows', 'denies', or 'denies_all'." unless @strategy == strategy
+    def apply_strategy(new_strategy)
+      raise ArgumentError, "Use only one of 'allows', 'denies', or 'denies_all'." if strategy && strategy != new_strategy
+      @strategy = new_strategy
+    end
+
+    def add_methods(new_methods)
+      raise ArgumentError, "Specify at least one method when using #{strategy}" if new_methods.empty?
+      @methods += new_methods.map(&:to_sym)
     end
   end
 end