Compliance is a reporting function of how your security program meets specific security standards controlled by regulatory organizations such as PCI, HIPAA or the Sarbanes-Oxley Act.  Relying on merely being compliant does not keep you secure.  Compliance is simply ensuring that a specific set of requirements are in place.  A proper security program keeps you safe.  Meeting compliance requirements typically results in a minimal baseline of protection.  To truly safeguard against sophisticated threats, you must elevate security and develop an overarching approach in which all the controls connect with each other to create a cohesive, multifaceted security program.