The correct answer is A, 'Job rotation,' because this security concept revolves around periodically transferring employees to different jobs or responsibilities. This reduces the risk of insider threats by making it difficult for an employee to maintain covert, unauthorized activities over an extended period. It also helps in the cross-training of staff, increases security awareness among employees, and can identify potential security gaps that a single individual might have missed or intentionally ignored. The other options, while related to personnel policies, do not specifically involve the regular shifting of roles to prevent insider threats and maintain security as Job rotation does. 'Mandatory vacation' is a policy that requires employees to take time off to help detect fraud, but does not involve changing roles. 'Separation of duties' is ensuring critical tasks are not controlled by a single individual, not about rotating jobs. 'Least privilege' is about providing only the access necessary to perform a job, not rotating roles. 'Clean desk policy' helps mitigate the risk of sensitive information being stolen from an employee’s workspace, but it does not involve rotating employees into different positions.