What are baseline security requirements that should be applied to the design and implementation of applications, databases, systems, network infrastructure, and information processing when considering cloud computing within an enterprise risk management framework?