Not really.
You have to educate them about the way the internet works and about how apache works.
It's not windows. The world will only be able to accesss your machine, if they forward port 80 to your internal ip.
You don't have access to other peoples machines in the building do you ?

Actually your building owner is showing some intelligence. Unfortunately, they are also focusing on the lesser threats.

It is true that by forwarding a port to your Apache server, you are open to exploits and if successful, the buildings network is at risk. Your level of vulnerability is going to depend on things like the kind of applications you are serving (PHP apps require a higher degree of vigilance than plain HTML), the degree to which you keep your system patched and the degree to which you monitor your system. So things you can do are:

• Run extra security measures like mod_security
• Make sure PHP is locked down tight, or don't run PHP services at all
• Run a monitoring system like Aide or Samhain or a IDS like Snort
• Have a patch/update plan that you actually follow
• Run apache in a virtual machine or chroot jail

What your owner is missing is that normal web browsing using Internet Exploder is probably a much greater threat to the integrity of the building's network than your Apache server ever could be. Most of the more common threats (trojans, viruses, warez, etc.) don't require a port to be forwarded in order for the compromised machine to wreak havoc and don't require a forwarded port in order to initiate the zombifcation of the machines.

As far as locking down access to a few trusted IP addresses, that certainly can be done very easily on your server using hosts.allow/hosts.deny or iptables. The building router might be capable of it, but that is probably dependent on the router's firmware.