Explore the relationship between compliance and security in this 53-minute conference talk from Central Ohio Infosec 2015. Delve into the question of whether compliance equals security, examining high-profile breaches like Anthem and analyzing data breach statistics. Learn about achieving and maintaining compliance with standards such as PCI and HIPAA, including time-based requirements and OCR pilot audits. Examine case studies and the threat of RAM scrapers. Gain insights into developing a secure compliance program, covering aspects like the NIF Security Framework, awareness training, sensitive data control, and critical security controls. Discover recommendations for building an effective compliance management program that enhances overall security posture.
Compliance vs Security - How to Build a Secure Compliance Program