One of the first things I learned about cryptography is “There’s no such thing as cheating in cryptography”.  To illustrate the point, my college professor gave the class a REALLY hard cypher to decrypt.  Then he told members of a previous class to grudgingly give us information if asked.  In my case, a couple of beers were traded for the secret key.  The important lesson was: your data security may be only as good as a college student's resistance to alcohol.

Now, here's some other stuff I've seen along the way...

When security people talk about communication between two parties, rather than saying “person A” and “person B”, they tend to use two characters known as “Alice” and “Bob”.  Part of an after dinner speech from 1984 discusses Alice and Bob as if they were a real couple constantly dealing with the security problems and stilted constraints of examples that often use them. Alice and Bob
Bruce Shneier is probably one of the most well known data security experts since Alan Turing. His newsletter is a great way to see many of his insights without having to buy his books. Having said that, his books really are worth buying. The Cryptogram
Speaking of Alan Turing, here is a 3 or 4-rotor enigma simulator. This should be similar to the cipher machines that Turing helped code-break - although I don't think it includes all military variants. Enigma Simulation
Enigma Info
Voting systems have two seriously contradictory requirements: they must be anonymous AND verifyable. Cryptographer Ron Rivest, the “R” of RSA and the RCx ciphers, came up with a secure voting protocol that does not use cryptography. While this isn’t the most user-friendly scheme, it is a provocative concept. Three Ballot

Although this sounds simplistic, Data Security is a very big topic.  Almost every aspect of Information Technology can have some kind of security vulnerability.  Whether it's data transmission, disk storage, or human interfaces, ALL those vulnerabilities need to be addressed before calling a system "secure".  Here are some educational resources to help deal with the wide net a security strategy needs (although in the case of PCI, it's mostly focused on credit card handling).

SANS Institute

Trusted Computing Group

PCI Security