Final answer:
The correct policy to identify and mitigate potential single points of failure in an organization's IT/security operations is Separation of duties. This policy divides responsibilities among different personnel to prevent a single point of failure and increase operational resilience.
Step-by-step explanation:
The student is asking which policies would help an organization to identify and mitigate potential single points of failure in its IT/security operations. The correct answer is C. Separation of duties.
This policy ensures that critical tasks are not under the control of a single individual, which reduces the risk of a single point of failure. By requiring that multiple individuals are responsible for different parts of a process, it becomes more difficult for a single point of failure to occur, because if one person is unavailable or makes a mistake, others can cover or correct it. This approach not only strengthens security but also encourages collaboration and oversight, which can lead to better resilience and redundancy within the organizational processes.
The other options can be briefly explained as follows:
Least privilege (A) refers to giving users only the access that is strictly required for them to perform their jobs, which is also an important security policy but not as directly connected to mitigating single points of failure.
Awareness training (B) deals with educating staff about security threats and best practices but again does not directly address the issue of single points of failure.
Mandatory vacation (D) can help reveal dependencies on individuals when they're not available, so it might indirectly highlight single points of failure, but its primary purpose is not to directly mitigate them.